22.10. Encrypt Connection Information
ASP.NET doesn't serve (display) certain types of files to the browser, including configuration files. However, don't tempt fate by flashing a SQL Server password in the web.config file. Follow these steps to encrypt the connection strings in the web.config file:
Open a command prompt and change to the directory where aspnet_regiis.exe is stored. (Try C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727.)
Enter the following command, replacing "c:\deploy" with your deployment folder:
aspnet_regiis -pef "connectionStrings" "c:\deploy"
The tool adds several nodes to the <connectionStrings> element, such as <EncryptedData> and <CipherValue>. Your secrets are somewhere within all those nonsense characters and harder to decipher than the DaVinci code — except by ASP.NET!
|
aspnet_regiis -pdf "connectionStrings" "c:\deploy"
Get ASP.NET 3.5 For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.