Share via

how can i encrypt app.config when deploying a windows forms app?

James Foy 25 Reputation points
2023-08-16T15:45:10.18+00:00

The app.config file is plain language and contains passwords for data connection strings. How can I encrypt it for deployment?

Developer technologies Windows Forms
Developer technologies .NET Other

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2023-08-17T03:13:26.1733333+00:00

    Hi @James Foy ,Welcome to Microsoft Q&A,

    Regarding encrypted strings, a low-cost way is to use the AES symmetric encryption algorithm, and then use a secure method to generate a key.

    You could use a cryptographically secure pseudo-random number generator to generate a random key. Keys should be strong enough to resist cracking and brute force attacks.

    Regardless of the encryption method you use, what matters is how you plan to store the keys.

    About the AES key. You can generate a key before deployment and manually enter the key when deploying.

    It is also possible if you choose to accept the key from the server.

    If you deploy directly on the machine, you can also use DPAPI encryption, but the encryption key is computer-level.

    KEY is not required at runtime.

    Best Regards,

    Jiale

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Karen Payne MVP 35,586 Reputation points Volunteer Moderator
    2023-08-17T07:51:07.96+00:00

    Use the following

    using System;
using System.Configuration;
using System.IO;

namespace ExampleProject.Classes
{

    public class ConnectionProtection
    {
        public string FileName { get; set; }
        /// <summary>
        /// Determine if configuration file exists for application
        /// </summary>
        /// <param name="fileName">Current executable and path</param>
        public ConnectionProtection(string fileName)
        {
            if (!File.Exists(string.Concat(fileName, ".config")))
            {
                throw new FileNotFoundException(string.Concat(fileName, ".config"));
            }
            FileName = fileName;
        }
        /// <summary>
        /// Encrypt ConnectionString
        /// </summary>
        /// <param name="encrypt"></param>
        /// <param name="fileName"></param>
        /// <returns></returns>
        private bool EncryptConnectionString(bool encrypt, string fileName)
        {
            bool success = true;
            Configuration configuration = null;

            try
            {
                configuration = ConfigurationManager.OpenExeConfiguration(fileName);
                var configSection = (ConnectionStringsSection)configuration.GetSection("connectionStrings") as ConnectionStringsSection;

                if ((!(configSection.ElementInformation.IsLocked)) && (!(configSection.SectionInformation.IsLocked)))
                {
                    if (encrypt && (!configSection.SectionInformation.IsProtected))
                    {
                        // encrypt the file
                        configSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                    }

                    if ((!encrypt) && configSection.SectionInformation.IsProtected) //encrypt is true so encrypt
                    {
                        // decrypt the file. 
                        configSection.SectionInformation.UnprotectSection();
                    }

                    configSection.SectionInformation.ForceSave = true;
                    configuration.Save();

                    success = true;

                }
            }
            catch (Exception ex)
            {
                success = false;
            }

            return success;

        }
        public bool IsProtected()
        {
            Configuration configuration = ConfigurationManager.OpenExeConfiguration(FileName);
            var configSection = (ConnectionStringsSection)configuration.GetSection("connectionStrings");
            return configSection.SectionInformation.IsProtected;
        }
        public bool EncryptFile()
        {
            if (File.Exists(FileName))
            {
                return EncryptConnectionString(true, FileName);
            }
            else
            {
                return false;
            }
        }
        public bool DecryptFile()
        {
            if (File.Exists(FileName))
            {
                return EncryptConnectionString(false, FileName);
            }
            else
            {
                return false;
            }
        }
    }

}

    Usage

    namespace ExampleProject
{
    public partial class Form1 : Form
    {
        private readonly ConnectionProtection _protection = 
            new ConnectionProtection(AppDomain.CurrentDomain.BaseDirectory);

        public Form1()
        {
            InitializeComponent();
            if (!_protection.IsProtected())
            {
                _protection.EncryptFile();
            }
        }

        private void button1_Click(object sender, EventArgs e)
        {
            _protection.DecryptFile();
            try
            {
                // do database work
            }
            finally
            {
                _protection.EncryptFile();
            }
            
        }
    }
}
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.