none
Encrypt Connection String in App.Config of ClickOnce Winforms App

    Question

  •  

    Hello all,

     

    I have read lots of posts about encrypting and decrypting the connection string in an app.config file for ASP apps and for Winforms apps that have a MSI installer.

     

    What is the method to encrypt an app.config connection string that is distributed via a ClickOnce without installing certificates on each client machine? 

     

    I can't use any decryption method that relies on details of the machine that performed the original encryption.

     

    Thanks in advance

    Monday, May 26, 2008 10:59 PM

Answers

All replies

  • Because the application will run with the credentials of the user.. There isn't imho a good way to keep credentials away from the user in that situation.

    If you place an application server (between client and database) you can store the credentials there and offer access to the database via a service to the application


    [winforms app] <-----> [application/bussines logic server] <---------> database
    • Proposed as answer by Bruno Yu Monday, June 02, 2008 5:41 AM
    • Unproposed as answer by HarpDog Tuesday, September 16, 2008 5:54 PM
    Tuesday, May 27, 2008 6:57 AM
  • Thanks for your response to my question.

     

    I need this solution to work in a 2-tier architecture as well as 3-tier.  I have found an article here that may provide a

    possible solution. I'll try it out and post back my results:

     

    http://guy.dotnet-expertise.com/CommentView,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx

     

     

     

     

    • Marked as answer by Bruno Yu Monday, June 02, 2008 5:41 AM
    • Unmarked as answer by HarpDog Tuesday, September 16, 2008 5:55 PM
    • Marked as answer by HarpDog Tuesday, September 16, 2008 5:55 PM
    Thursday, May 29, 2008 12:12 AM