Thursday, August 19, 2010

Securing connection string in web.config

Hi All,

Although Microsoft has given us the API classes and web services to work with SharePoint. Many programmers try to reach to the database and perform the select queries.

This is not recommended at all, and that is why MS has given us the object model and web service to work with for SharePoint.

However in case if you use database for querying purpose and if you are storing the database connection information in web config file of your web application and referencing from the code somewhere, then I would strongly recommend you to secure this connection string.

It does not depend on whether you are connecting with windows authentication or forms authentication. Hiding server name and database name is as important as hiding user name and password.

So here are simple steps to perform for securing and encrypting the connection strings. Remember we should encrypt all connection strings mentioned in connectionstring tag in web.config.

Remember that encryption happens on the basis of RSA provider.

Open the visual studio command prompt. Type in this commend

aspnet_regiis -pe "connectionStrings" -app "/SPKings"

Where SPkings is the web application and here is the result of this encryption.

After this encryption, you do not need to perform any decryption in your code. Runtime will automatically decrypt this connectionstring for you. There will be very light performance issue, very light, However this is okay according to me instead of opening the username, password or server name and database name to any other person.

No comments:

Share your SharePoint Experiences with us...
As good as the SharePointKings is, we want to make it even better. One of our most valuable sources of input for our Blog Posts comes from ever enthusiastic Visitors/Readers. We welcome every Visitor/Reader to contribute their experiences with SharePoint. It may be in the form of a code stub, snippet, any tips and trick or any crazy thing you have tried with SharePoint.
Send your Articles to with your Profile Summary. We will Post them. The idea is to act as a bridge between you Readers!!!

If anyone would like to have their advertisement posted on this blog, please send us the requirement details to