Tuesday, May 13, 2008

PROGRAMMATIC CONFIGURATION FILE ENCRYPTION AND DECRYPTION USING C#.NET

In a .NET application (web or Windows), the configuration file is used to make application settings configurable, so you do not need to recompile your project every time a setting changes. The configuration file lives in the application's virtual directory. Once the application is deployed, the file can be edited by any user who has full permissions on the deployment server, and one server can host several applications. It is therefore necessary to keep your application configuration file secure, or to use an encrypted configuration file to protect your application setting data.

Previously we used to write our own encryption and decryption functions using different .NET algorithms (like SHA, MD5, etc.) and update the configuration file manually. Here I present a new way to do the same task programmatically: you can encrypt or decrypt the appSettings or connectionStrings section of any project configuration file.

ASP.NET 2.0 and above makes it extremely easy to encrypt connection strings, encrypt application settings, and encrypt config sections in Web.config either via the command prompt with aspnet_regiis or programmatically in your web applications.

Source Code:

Create an application to encrypt or decrypt a configuration file, as a C#/VB.NET Windows or web application.

Here I am creating a Windows application using C#.NET. Follow these four simple steps to create the application.

1) app.config file sections Before Encryption

For example:

    <appSettings>
        <add key="ServerName" value="Your Machine Name" />
        <add key="Password" value="123.456.78" />
    </appSettings>

2) app.config file sections After Encryption

For example:

    <appSettings configProtectionProvider="DataProtectionConfigurationProvider">
        <EncryptedData>
            <CipherData>
                <CipherValue>MSDFSDFGSSD$SFSD%VAAAAAAGDFGDFGGGGGGGVBCXBVBVCBBVCVBVCBBBTYRTYRTY%UUUUUUUU</CipherValue>
            </CipherData>
        </EncryptedData>
    </appSettings>

3) You can design your Windows form something like below

4) Code for Encrypt and Decrypt button

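Namespaces

    // ConfigurationManager, ExeConfigurationFileMap, Configuration and
    // ConfigurationSection live here (add a reference to System.Configuration.dll)
    using System.Configuration;
    using System.Web.Configuration;

Call the following function from the Encrypt button's code-behind.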

Function for Encryption

    private int EncryptConfigurationSection(string fileName, string sectionName, string provider)
    {
        // Create a FileMap object to hold the name of the configuration file
        ExeConfigurationFileMap FileMap = new ExeConfigurationFileMap();

        // Assign the file name to the FileMap
        FileMap.ExeConfigFilename = fileName;

        // Load the configuration from the given file
        Configuration config =
            ConfigurationManager.OpenMappedExeConfiguration(FileMap, ConfigurationUserLevel.None);

        // Check whether the given file exists as a configuration file
        if (config.HasFile)
        {
            // Retrieve the section from the Configuration object
            ConfigurationSection section = config.GetSection(sectionName);

            // Proceed only if the section exists and is not already protected
            if (section != null && !section.SectionInformation.IsProtected)
            {
                // Protect the section with the requested provider
                section.SectionInformation.ProtectSection(provider);

                // Save the Configuration object back to the file
                config.Save();
                return 1;   // success
            }
            else
            {
                if (section != null) { return 3; }   // section is already encrypted
                else { return 0; }                   // section not found
            }
        }
        else { return 2; }   // configuration file not found
    }

Function for Decryption

Call the following function from the Decrypt button's code-behind.

    private int DecryptConfigurationSection(string fileName, string sectionName)
    {
        // Create a FileMap object to hold the name of the configuration file
        ExeConfigurationFileMap FileMap = new ExeConfigurationFileMap();

        // Assign the file name to the FileMap
        FileMap.ExeConfigFilename = fileName;

        // Load the configuration from the given file
        Configuration config =
            ConfigurationManager.OpenMappedExeConfiguration(FileMap, ConfigurationUserLevel.None);

        // Check whether the given file exists as a configuration file
        if (config.HasFile)
        {
            // Retrieve the section from the Configuration object
            ConfigurationSection section = config.GetSection(sectionName);

            // Proceed only if the section exists and is currently protected
            if (section != null && section.SectionInformation.IsProtected)
            {
                // Remove the protection from the section
                section.SectionInformation.UnprotectSection();

                // Save the Configuration object back to the file
                config.Save();
                return 1;   // success
            }
            else
            {
                if (section != null) { return 3; }   // section is not encrypted
                else { return 0; }                   // section not found
            }
        }
        else { return 2; }   // configuration file not found
    }

Note:

The functions above return one of the following codes:

0 --> Section not found in the configuration file

1 --> Encryption/decryption succeeded

2 --> Wrong configuration file name

3 --> Section is already encrypted (when encrypting) or is not encrypted (when decrypting)
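A check worth running after the encrypt step, shown here as an added example (not the original author's code): it protects appSettings, confirms the key is no longer visible in the file on disk, and confirms a fresh load still returns the same value. The class and method names and the file path are hypothetical; it assumes .NET Framework on Windows and the "Password" key from the sample app.config above.

```csharp
using System;
using System.Configuration; // requires a reference to System.Configuration.dll
using System.IO;

static class ProtectedConfigCheck
{
    // Encrypts <appSettings> with DPAPI, then verifies the key is hidden on disk
    // but still readable through the configuration API. True only if both hold.
    public static bool ProtectAndVerify(string configPath, string key)
    {
        var map = new ExeConfigurationFileMap { ExeConfigFilename = configPath };
        Configuration config =
            ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
        if (!config.HasFile) return false;

        var settings = config.GetSection("appSettings") as AppSettingsSection;
        if (settings == null || settings.Settings[key] == null) return false;
        string expected = settings.Settings[key].Value;

        if (!settings.SectionInformation.IsProtected)
        {
            settings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            settings.SectionInformation.ForceSave = true; // write the section even if unchanged
            config.Save(ConfigurationSaveMode.Modified);
        }

        // Check 1: the raw file carries ciphertext and no longer names the key.
        string raw = File.ReadAllText(configPath);
        bool hiddenOnDisk = raw.Contains("<EncryptedData")
                            && !raw.Contains("key=\"" + key + "\"");

        // Check 2: a fresh load decrypts transparently and returns the same value.
        Configuration reopened =
            ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
        var again = reopened.GetSection("appSettings") as AppSettingsSection;
        bool readable = again != null && again.SectionInformation.IsProtected
                        && again.Settings[key] != null
                        && again.Settings[key].Value == expected;
        return hiddenOnDisk && readable;
    }

    static void Main()
    {
        // Hypothetical path; "Password" is the key from the sample app.config.
        bool ok = ProtectAndVerify(@"C:\MyApp\MyApp.exe.config", "Password");
        Console.WriteLine(ok ? "appSettings is protected and readable" : "verification failed");
    }
}
```

DataProtectionConfigurationProvider uses Windows DPAPI, so by default the ciphertext can only be decrypted on the machine where it was produced. Run the encryption on the deployment server rather than shipping a pre-encrypted file.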

H/W Platform: Dual Processor with 1 GB RAM

S/W Environment: ASP.NET, VB.NET and C#.NET

5 comments:

Mark Boyer said...

How do you use the encrypted conf file in the target application?

How does the target application access the encrypted values?

Ritesh_Kesharwani said...

Hi Mark,

From the .NET code if you type ConfigurationManager.AppSettings["Key"], .NET will internally decrypt and give the value of "Key" from the config file.

You have to create a different utility, like an .exe, and give it to the client to encrypt and decrypt the data.


Thanks
Ritesh

Anonymous said...

Hello, can it be downloaded, or could you send it to me by email?

please!! :(

E-mail: mascodigo.net@hotmail.com
