Home/ Questions/Q 830903
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T04:07:10+00:00

What is the best practice for encrypting the connectionStrings section in the web.config file

  • 0

What is the best practice for encrypting the connectionStrings section in the web.config file when using LINQ TO SQL?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First of all, encrypting section in web.config/app.config is not specific to just Linq2Sql. .Net framework comes with special set of classes that lets you independantly encrypt/decrypt parts of web.config/app.config.

    You can encrypt sections of your web.config using DPAPI provider. Nothing else need to change in your application. you still keep reading appsettings and conn. strings as usual. Use this code below to encrypt/decrypt parts of your config file.

    //call: ProtectSection("connectionStrings","DataProtectionConfigurationProvider"); 
private void ProtectSection(string sectionName, string provider) 
{ 
    Configuration config = 
        WebConfigurationManager. 
            OpenWebConfiguration(Request.ApplicationPath); 

    ConfigurationSection section = config.GetSection(sectionName); 

    if (section != null && !section.SectionInformation.IsProtected) 
    { 
        section.SectionInformation.ProtectSection(provider); 
        config.Save(); 
    } 
} 

//call: UnProtectSection("connectionStrings"); 
private void UnProtectSection(string sectionName) 
{ 
    Configuration config = 
        WebConfigurationManager. 
            OpenWebConfiguration(Request.ApplicationPath); 

    ConfigurationSection section = config.GetSection(sectionName); 

    if (section != null && section.SectionInformation.IsProtected) 
    { 
        section.SectionInformation.UnprotectSection(); 
        config.Save(); 
    } 
}
    • 0