From: Gerhard on 22 Mar 2010 13:04 I am working on a Silverlight Business Application. I need to change the connection string in code to use a specific user and password in Production. I don't want the password sitting in a web.config file. How can I do this? Thanks.
From: Gregory A. Beamer on 22 Mar 2010 13:33 "Gerhard" <Gerhard(a)community.nospam> wrote in message news:DEFFA1C5-131C-4DAB-B59C-5BB4619245BD(a)microsoft.com... > I am working on a Silverlight Business Application. I need to change the > connection string in code to use a specific user and password in > Production. > I don't want the password sitting in a web.config file. How can I do > this? > Thanks. Make sure you are asking the right question here, as the connection string being configurable but not in .config is possible, but it is often better to encrypt the string. If you want a user specific connection, you can use to a trusted connection, which forces user log in. But if you want a single account (SQL, not windows, auth), then you end up having to store that string somewhere, and encrypting the string with the mechanisms present in the web security namespace are the easiest methods of getting it done. To easily deploy this, you can set the machine keys yourself, which also solves the web farm problem. -- Peace and Grace, Greg Twitter: @gbworld Blog: http://gregorybeamer.spaces.live.com ************************************************ | Think outside the box! | ************************************************
From: Gerhard on 22 Mar 2010 14:14 Thanks. Is there a tutorial on how to encrypt the string with the mechanisms present in the web security namespace "Gregory A. Beamer" wrote: > > > "Gerhard" <Gerhard(a)community.nospam> wrote in message > news:DEFFA1C5-131C-4DAB-B59C-5BB4619245BD(a)microsoft.com... > > I am working on a Silverlight Business Application. I need to change the > > connection string in code to use a specific user and password in > > Production. > > I don't want the password sitting in a web.config file. How can I do > > this? > > Thanks. > > Make sure you are asking the right question here, as the connection string > being configurable but not in .config is possible, but it is often better to > encrypt the string. If you want a user specific connection, you can use to a > trusted connection, which forces user log in. But if you want a single > account (SQL, not windows, auth), then you end up having to store that > string somewhere, and encrypting the string with the mechanisms present in > the web security namespace are the easiest methods of getting it done. > > To easily deploy this, you can set the machine keys yourself, which also > solves the web farm problem. > > -- > Peace and Grace, > Greg > > Twitter: @gbworld > Blog: http://gregorybeamer.spaces.live.com > > ************************************************ > | Think outside the box! | > ************************************************ >
From: Mr. Arnold on 22 Mar 2010 15:17 "Gerhard" wrote: > Thanks. Is there a tutorial on how to encrypt the string with the mechanisms > present in the web security namespace > http://www.codeproject.com/KB/recipes/Encrypt_an_string.aspx
From: Gregory A. Beamer on 26 Mar 2010 10:58 "Gerhard" <Gerhard(a)community.nospam> wrote in message news:FAA1C991-FE3F-4BBF-8C37-85E68110CE10(a)microsoft.com... > Thanks. Is there a tutorial on how to encrypt the string with the > mechanisms > present in the web security namespace Not directly, but there are complementary methods that will automagically unencrypt on the server. This will work for a single machine (does not work for a farm, as it uses the machine's keys): http://msdn.microsoft.com/en-us/library/ms998280.aspx The above is very secure, but also takes a bit of work. The easier method is: http://wiki.asp.net/page.aspx/1155/encrypt-connectionstrings-section-of-webconfig/ To set the machine keys easily: http://aspnetresources.com/tools/keycreator.aspx Also note that there is a facility in the Enterprise Library (http://msdn.microsoft.com/en-us/library/dd203099.aspx) for encrypting configuration elements, if you prefer to go that direction. -- Peace and Grace, Greg Twitter: @gbworld Blog: http://gregorybeamer.spaces.live.com ************************************************ | Think outside the box! | ************************************************
|
Next
|
Last
Pages: 1 2 Prev: Figuring out how to use a custom membership provider. Next: Validators |