From: Gerhard on
I am working on a Silverlight Business Application. I need to change the
connection string in code to use a specific user and password in Production.
I don't want the password sitting in a web.config file. How can I do this?
Thanks.
From: Gregory A. Beamer on


"Gerhard" <Gerhard(a)community.nospam> wrote in message
news:DEFFA1C5-131C-4DAB-B59C-5BB4619245BD(a)microsoft.com...
> I am working on a Silverlight Business Application. I need to change the
> connection string in code to use a specific user and password in
> Production.
> I don't want the password sitting in a web.config file. How can I do
> this?
> Thanks.

Make sure you are asking the right question here, as the connection string
being configurable but not in .config is possible, but it is often better to
encrypt the string. If you want a user specific connection, you can use to a
trusted connection, which forces user log in. But if you want a single
account (SQL, not windows, auth), then you end up having to store that
string somewhere, and encrypting the string with the mechanisms present in
the web security namespace are the easiest methods of getting it done.

To easily deploy this, you can set the machine keys yourself, which also
solves the web farm problem.

--
Peace and Grace,
Greg

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

************************************************
| Think outside the box! |
************************************************

From: Gerhard on
Thanks. Is there a tutorial on how to encrypt the string with the mechanisms
present in the web security namespace

"Gregory A. Beamer" wrote:

>
>
> "Gerhard" <Gerhard(a)community.nospam> wrote in message
> news:DEFFA1C5-131C-4DAB-B59C-5BB4619245BD(a)microsoft.com...
> > I am working on a Silverlight Business Application. I need to change the
> > connection string in code to use a specific user and password in
> > Production.
> > I don't want the password sitting in a web.config file. How can I do
> > this?
> > Thanks.
>
> Make sure you are asking the right question here, as the connection string
> being configurable but not in .config is possible, but it is often better to
> encrypt the string. If you want a user specific connection, you can use to a
> trusted connection, which forces user log in. But if you want a single
> account (SQL, not windows, auth), then you end up having to store that
> string somewhere, and encrypting the string with the mechanisms present in
> the web security namespace are the easiest methods of getting it done.
>
> To easily deploy this, you can set the machine keys yourself, which also
> solves the web farm problem.
>
> --
> Peace and Grace,
> Greg
>
> Twitter: @gbworld
> Blog: http://gregorybeamer.spaces.live.com
>
> ************************************************
> | Think outside the box! |
> ************************************************
>
From: Mr. Arnold on


"Gerhard" wrote:

> Thanks. Is there a tutorial on how to encrypt the string with the mechanisms
> present in the web security namespace
>
http://www.codeproject.com/KB/recipes/Encrypt_an_string.aspx
From: Gregory A. Beamer on



"Gerhard" <Gerhard(a)community.nospam> wrote in message
news:FAA1C991-FE3F-4BBF-8C37-85E68110CE10(a)microsoft.com...
> Thanks. Is there a tutorial on how to encrypt the string with the
> mechanisms
> present in the web security namespace

Not directly, but there are complementary methods that will automagically
unencrypt on the server.

This will work for a single machine (does not work for a farm, as it uses
the machine's keys):
http://msdn.microsoft.com/en-us/library/ms998280.aspx

The above is very secure, but also takes a bit of work. The easier method
is:
http://wiki.asp.net/page.aspx/1155/encrypt-connectionstrings-section-of-webconfig/

To set the machine keys easily:
http://aspnetresources.com/tools/keycreator.aspx

Also note that there is a facility in the Enterprise Library
(http://msdn.microsoft.com/en-us/library/dd203099.aspx) for encrypting
configuration elements, if you prefer to go that direction.

--
Peace and Grace,
Greg

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

************************************************
| Think outside the box! |
************************************************