How to prevent reading app.config?

Question

Sorry if this looks like a stupid question.

My application uses a connection string to connect to a SQL Server 2008 database and uses Crystal Report, my server use mix authentication mode.

The problem is: app.config file shows connection string (user name & password) which I don't want anyone to see!

Data Source=.\SQLEXPRESS;Initial Catalog=ComplainsDb;Persist Security Info=false; User ID=abcde ;Password=MyPassword

Thanks for any help.

Encrypt the app.config. Google it you will find lots of about it .. — Rajeev Kumar, Sep 23 '13 at 09:20
Related [question](http://stackoverflow.com/questions/11637348/encrypt-connection-string-in-app-config) — Patrick Stephansen, Sep 23 '13 at 09:22

shamp00 · Accepted Answer · 2016-09-22T20:19:36.817

3

You need to call something like this when your program starts:

    void EncryptConnectionStringsIfNecessary()
    {
        var configFile = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConnectionStringsSection section = configFile.ConnectionStrings;
        if (section != null)
        {
            if (!section.IsReadOnly())
            {
                if (!section.SectionInformation.IsProtected)
                {
                    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                    section.SectionInformation.ForceSave = true;
                    configFile.Save(ConfigurationSaveMode.Full);
                }
            }
        }
    }

edited Sep 22 '16 at 20:19

answered Sep 23 '13 at 09:33

shamp00

10,837
4
34
77

That is work for me so far.. but how can i decrypt this file?? – E.S Sep 24 '13 at 06:42
1

You don't usually need to do anything. As explained in [the MSDN documentation](http://msdn.microsoft.com/en-us/library/hh8x3tas.aspx), the .NET framework will decrypt the settings automatically when you access `ConfigurationManager.ConnectionStrings[connectionStringName]`. – shamp00 Sep 24 '13 at 07:51
Thanks a lot for every one help me – E.S Sep 24 '13 at 08:10
FYI: `ConfigFile` should be `configFile`. ;) – James Wilkins Sep 20 '16 at 23:46
Thanks @JamesWilkins. Updated. – shamp00 Sep 22 '16 at 20:20

How to prevent reading app.config?

1 Answers1