Friday, May 27, 2011

ASP.NET/.NET interview Question - Encryption of connection strings in web.config file?


When you host your site on server, sometimes happens that your site is handled by an third party or any other individual who is responsible to handle the server. As your site is handled or manage by another person it can be possible for that person to view your connection string and can make changes to the same. So in order avoid this we need to encrypt your connection string.

This can be achieved by using aspnet_regiis tool provided by the ASP.NET.

It’s a very simple 3 steps process.

Step 1:- Let first define the connection string in web.config file like below
code snippet.


<add name="Constr" connectionString="Data Source=localhost;Initial
Catalog=YourDataBaseName; Integrated Security=True"/>


In the above snippet code you can see that the connection string easily visible by anyone because it is in decrypted format. Hence to prevent or protect the connection string we need to encrypt connection string in such a way that it is not visible to anyone.

Step 2: - Just go to Visual Studio Command Prompt and use aspnet_regiis tool to encrypt the defined connection string like below diagram.

Now just execute the Visual Studio Command Prompt and if the encryption is done successfully a message will be displayed like below diagram.

Step 3:- Go to web.config file and you will see that connection string is now in encrypted format like below diagram.

You will be also interested in watching the below video, which are also asked in most of the interviews and favourable question of interviewers.

Please click here to see more ASP.NET and .NET interview questions

Visit Authors blog for more ASP.NET/ .NET interview questions

No comments: