how to encrypt connection string in web.config in asp.net 2.0 application

Question

Hi Friends,

we have asp.net 2.0 application deployed in a windows server. When i looked in to the windows server I could see there are multiple applications deployed in IIS and some of them are .NET CLR Version v.4.0 and some of them are v2.0.

We were told to encrypt the connection string in all the v.2.0 application.

My question is if we encrypt the connection string do we need to change anything in the C# code ?
How can I achieve this encrypting connection string without changing anything in the c#code?
The reason is the ASP.NET application was developed almost 10 to 12yrs before and we cannot take risk in changing anything in the C#code

Answer 1

You can encrypt your web.config in two ways. Either using codebehind or command line as described this article encrypting web.config file

According to the above resource, when you encrypt your web.config file using command line, then you have to export the required files to your web server in order for your application to encrypt and decrypt the web.config file successfully.

But using codebehind makes things easier cos there is no exportation of keys here. Everything can be performed on your web server with just a click.

Mine was done in VB.Net so the above link was really helpful. As per your case, you may try converting the code using code converter.

Answer 2

Assuming you encrypted the file as shown in https://www.codeproject.com/Tips/795135/Encrypt-ConnectionString-in-Web-Config , ASP.NET automatically decrypts the contents of the Web.Config file when it processes the file. You can run your existing application by encrypting your Web.Config file and it will run without any modification to your existing code.