Is it possible to save a connection string from app.config without saving the password, or somehow encrypt it, using entity framework? Without using windows authentication, that is, with username and password.
Connection example:
<add name="conexionEntities" connectionString="metadata=res://*/Integration.Models.conexion.csdl|res://*/Integration.Models.conexion.ssdl|res://*/Integration.Models.conexion.msl;provider=System.Data.SqlClient;provider connection string="data source=(local);initial catalog=db_ejemplo;user id=sa;password=123456789;multipleactiveresultsets=True;App=EntityFramework"" providerName="System.Data.EntityClient" />
password=123456789 <-- this data is the one that I would not like to be exposed in the app.config
You can encrypt parts of
Web.configit as shown in the link to prevent that information from being accessed.EDIT
Example of the encryption process:
Web.configwith a text editor. Make sure it<system.web>contains the child elements:<connectionStrings>and<machineKey>. An example could be:With the command prompt go to:
cd \WINDOWS\Microsoft.Net\Framework\v2.0.*Once there, run the following command:
aspnet_regiis -pe "connectionStrings" -app "/MyApplication". This command encrypts the<connectionStrings>application sectionMyApplication.Repeat the previous step for the element
<machineKey>:aspnet_regiis -pe "system.web/machineKey" -app "/MyApplication"Now the content of the Web.config is already encrypted.
EXTRA
Access to encrypted data:
Although ASP.NET automatically decrypts the file content
Web.configwhen it is processed and no additional steps are needed to read the file, it may be interesting to know how to view the decrypted information. To access it, it can be done through these lines of code.