cgcarter1 wrote:
The last thing and most important is encrypting the connection string (for obvious reasons). This is extremely easy to do in code-behind. I typically give a button event to encrypt and decrypt the string.
I understand it is just a beta release, just trying to give ya'all some food for thought.
Here is some quick code that you can drop into a class library to encrypt/decrypt the connection string in the web.config...
Public Function EncryptConfig() As Boolean
Try
Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration("")
Dim confStrSect As ConfigurationSection = confg.GetSection(section)
If Not confStrSect Is Nothing Then
confStrSect.SectionInformation.ProtectSection(provider)
confg.Save()
End If
' the encrypted section is automatically decrypted!!
Return True
Catch ex As Exception
Return False
End Try
End Function
Public Function DecryptConfig() As Boolean
Try
Dim confg As Configuration = WebConfigurationManager.OpenWebConfiguration("")
Dim confStrSect As ConfigurationSection = confg.GetSection(section)
If Not confStrSect Is Nothing AndAlso confStrSect.SectionInformation.IsProtected Then
confStrSect.SectionInformation.UnprotectSection()
confg.Save()
End If
Return True
Catch ex As Exception
Return False
End Try
End Function