Storing and Reading Base64 Encoded Connection String in Web.Config

Home	About Us	ASP.NET Online Courses	Yoga Articles	Contact Us

Online Courses
ASP.NET Core
Design Patterns
Meditation

Online Courses

ASP.NET Core

Design Patterns

Meditation

Categories
ASP.NET
ASP.NET MVC
ASP.NET Core
jQuery
HTML5
Web Services
Data Access
.Net Framework
Windows Forms
Book Reviews
Projects
Miscellaneous
Thoughts & Musings
Videos
Search Articles

Categories

ASP.NET

ASP.NET MVC

ASP.NET Core

jQuery

HTML5

Web Services

Data Access

.Net Framework

Windows Forms

Book Reviews

Projects

Miscellaneous

Thoughts & Musings

Videos

Search Articles

Article Updates
RSS Feed

Article Updates

RSS Feed

ASP.NET Core 5.0 : MVC, Razor Pages, Web API, EF Core, Blazor, Design Patterns, and more. Private online coaching for software developers. Click here for more details.

Storing and Reading Base64 Encoded Connection String in Web.Config

Introduction

Many people store database connection string in web.config file. However, web.config file being an XML file, the data stored there is in clear text format. This is especially important for connection strings because anybody can easily see your database details including user id and password. In this article we will see how you can encrypt values stored in web.config using Base64 encoding and later on decrypt them in your code. Note that Base64 encoding is not a secure algorithm but it is a quick and easy way to hide the connection string details from casual readers.

Storing custom values in web.config

You store custom configuration values in web.config using <appSettings> section. The section looks like this:

<appSettings>
   <add key="connectionstring" 
   value="data source=.\vsdotnet;initial 
   catalog=Northwind;user id=sa;password=mypassword"/>
</appSettings>

In short you store key-value pairs inside the <appSettings> section.

Encrypting connection string

In order to encrypt above connection string we will be using System.Convert class. We will build a small console application that allows us to pass plain connection string as command line argument and then displays encrypted version on the console.

The code looks like this:

Public Shared Sub Main(args() As String)
Dim data() As Byte = System.Text.ASCIIEncoding.ASCII.GetBytes(args(0))
Dim str As String = Convert.ToBase64String(data)
Console.WriteLine(str)
End Sub

Here, we are using System.Text.ASCIIEncoding.ASCII class to convert the connection string to an array of bytes. This is necessary because the Convert class function ToBase64String() expects array of bytes and then returns Base64 encoded version of it.

You can invoke above application (I created it as Base64Encrypter.exe) at command prompt like this:

Base64Encrypter.exe "data source=.\vsdotnet;initial catalog=Northwind;user id=sa;password=mypassword"

The output will be:

ZGF0YSBzb3VyY2U9Llx2c2RvdG5ldDtpbml0aWFsIGNhdGFsb2c9Tm9ydGh3aW5kO3VzZXIgaWQ9c2E7
cGFzc3dvcmQ9bXlwYXNzd29yZA==

You can now copy-paste this encoded version of the connection string in the web.config. The new appSettings section will look like this:

Reading the encrypted connection string back

Now, let us see how we can read the encrypted connection string and decrypt it so that we can use it further.

Dim data() As Byte = Convert.FromBase64String
(ConfigurationSettings.AppSettings("connectionstring"))
str = System.Text.ASCIIEncoding.ASCII.GetString(data)

Here, we again used the Convert class and called its FromBase64String function. This function accepts Base64 encoded string and returns a byte array. In order to retrieve the appSetting value we used ConfigurationSettings class as shown above. Finally, we used ASCII class again to convert the byte array to a string.

Summary

In this article we saw how to encrypt and decrypt your web.config values using Base64 encoding. Note that Base64 encoding is NOT a secure algorithm but it hides the connection string details from causal readers. You can use some stronger cryptographic algorithm if you wish.

Bipin Joshi is an independent software consultant, trainer, author, yoga mentor, and meditation teacher. He has been programming, meditating, and teaching for 24+ years. He conducts instructor-led online training courses in ASP.NET family of technologies for individuals and small groups. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced the Yoga way of life he also teaches Ajapa Yoga to interested individuals. To know more about him click here.

Get connected : Facebook Twitter LinkedIn YouTube

Posted On : 24 April 2004

Tags : ASP.NET Web Forms Security Configuration

Popular from this category
Passing Values between ASP.NET Web Forms
Creating DataGrid Templated Columns Dynamically - Part I
Creating Dialog Boxes using ASP.NET, JavaScript and IE
Creating DataGrid Programmatically
Quickly Adding A New Row In DataGrid
Using Radio Buttons To Select DataGrid Row
Confirming Deletes in ASP.NET DataGrid
Downloadable DataGrid samples for beginners
Creating Master-Detail Listings using ASP.NET controls
Displaying Two DataTables In One DatGrid

Storing and Reading Base64 Encoded Connection String in Web.Config

Introduction

Storing custom values in web.config

Encrypting connection string

Reading the encrypted connection string back

Summary

Subscribe to our newsletter

Receive Weekly Updates