ASP.NET/.NET interview Question - How do you encrypt the connection strings in web.config file?

 Posted by ArticlesMaint on 5/24/2011 | Category: ASP.NET Interview questions | Views: 3459

When you host your site on server, sometimes happens that your site is handled by an third party or any other individual who is responsible to handle the server. As your site is handled or manage by another person it can be possible for that person to view your connection string and can make changes to the same. So in order avoid this we need to encrypt your connection string.

This can be achieved by using aspnet_regiis tool provided by the ASP.NET.

It’s a very simple 3 steps process.

Step 1:- Let first define the connection string in web.config file like below code snippet.

    <add name="Constr" connectionString="Data Source=localhost;Initial Catalog=YourDataBaseName; Integrated Security=True"/>

In the above snippet code you can see that the connection string easily visible by anyone because it is in decrypted format. Hence to prevent or protect the connection string we need to encrypt connection string in such a way that it is not visible to anyone.

Step 2: - Just go to Visual Studio Command Prompt and use aspnet_regiis tool to encrypt the defined connection string like below diagram.


Now just execute the Visual Studio Command Prompt and if the encryption is done successfully a message will be displayed like below diagram.


Step 3:- Go to web.config file and you will see that connection string is now in encrypted format like below diagram.


You will be also interested in watching the below video, which are also
asked in most of the interviews and favourable question of interviewers.

Asked In: Many Interviews | Alert Moderator 

Comments or Responses

Login to post response