locked
Hide connection strings RRS feed

  • Question

  • I would like to encrypt  my connection strings in the web.config file.  With azure is this the best way to do this.  I am trying to add them in my app service as shown below but I am not certain to retrieve them.  Any advice or suggestions would be greatly appreciated.  I have been searching and reading but not having much luck.

    Saturday, November 16, 2019 1:15 AM

Answers

  • Thank you to everyone for the reply.  For me it was simple.  Just go to the App Service --> Configuration.  Add the connection string.  As an example if you call the connection string name "mySecretConStr"  it's is easy to retrieve at run time.

    private string CS = ConfigurationManager.ConnectionStrings["mySecretConStr"].ConnectionString;

    For me that is working and it keeps the credentials hidden and out of the web.config file.

    Monday, November 18, 2019 1:03 AM

All replies

  • Hi Paul,

    The following Stack Overflow thread indicates that this can be done: Encrypting connection strings for azure webapp. By using the aspnet_regiis.exe tool, you can encrypt the connection strings portion of the web.config file.

    How to Encrypt Web.config Using aspnet_regiis.exe (Framework 4+) Focus on Web Farms

    The Stack Overflow thread identifies additional options available to you, such as using Azure Key Vault, to store credentials or certificates...in the case of token based authentications.

    Is the objective to hide credential information or do you have a requirement to secure sensitive information such as host information?

    Mike

    Saturday, November 16, 2019 1:57 AM
  • Hi Mike,

    Thank you for the information.  My goal is just to hide credential information.

    Paul

    Saturday, November 16, 2019 11:48 AM
  • Hi Paul,

    you may configure credentials using key vault in Azure.

    Hope this will helpful to you.

    Sushil

    Sunday, November 17, 2019 10:32 AM
  • Thank you to everyone for the reply.  For me it was simple.  Just go to the App Service --> Configuration.  Add the connection string.  As an example if you call the connection string name "mySecretConStr"  it's is easy to retrieve at run time.

    private string CS = ConfigurationManager.ConnectionStrings["mySecretConStr"].ConnectionString;

    For me that is working and it keeps the credentials hidden and out of the web.config file.

    Monday, November 18, 2019 1:03 AM
  • Thank you for this update. I am going to mark this as the answer as it is a very helpful to others looking for the same solution, and it was the solution in your case. Thank you!
    Monday, December 2, 2019 6:46 PM