Encrypt Connection Strings in VS 2005 .config Files

Introduction

The old adage that the only constant is change is true. Even when change makes things easier, change can be disruptive without an oracle. In this article, I will show you how you can build on knowledge you have about connection strings and encrypting data—especially if you are a long time reader of this article series.

In present editions of .NET, connections could be built with a .udl file, and copied and pasted into a .config file. If you cleverly decided to encrypt your connection string, you could use the DataProtection (DPAPI) wrapper created in “Encrypt DataSets for Offline Storage” in http://www.developer.com/net/net/article.php/3465301. All of these capabilities still exist, but they have been consolidated and will be easier to use in Visual Studio 2005, once you know where the changes were made.

In this article, I will show you how to add a connection string to your app.config file in Visual Studio 2005, how to encrypt that connection string, and introduce a tool for automatically encrypting connection strings for ASP.NET.

Adding a Connection String to Project Settings

With so much technology changing all the time, it is easy to have a Homer Simpson moment—Doh!—and later realize you did something the old way when a new easier way exists. I do this all the time and am sure I am not the only one. (I hate that when it happens.) Project settings and .config files will provide ample opportunity for Homer moments in the near future.

In Visual Studio 2005, Microsoft is increasing a reliance on XML but seems to be moving away from the requirement that you have to write XML directly to use it. XML makes a better storage medium than an author medium—that is, it is great to use but unnatural to write—and in Visual Studio 2005 the XML in an App.config file can be managed by Project Properties pages. For example, to add elements that were traditionally application settings we can select Project|<projectname> Properties, change to the Settings tab and click to begin adding settings using a visual designer instead of writing XML.

For example, to add a connection string, follow these steps:

  1. Ensuring the Settings tab of the project properties page is open, add a new item named ConnectionString.
  2. Change the type to (Connection String) and the scope to Application.
  3. In the Value column, click the elided button to open the connection string designer (see Figure 1).
  4. Define and test the connection string as you would using the Data Link Properties editor defined for .udl files. Click OK.

Figure 1: The integrated connection string builder is used like Data Link Properties editor.

Figure 2: The Settings tab is used to manage elements in configuration files.

After completing Step 4, the Value field—see Figure 2—will contain the connection string for your server. (The actual server doesn’t matter, but I used the Northwind sample database for SQL Server for the example.)

More by Author

Must Read