Encrypting Database Credentials
-
Hi All, I have an asp.Net application which is using Entity Framework to connect to the Database and for DML operations. So I am using User Name and Password in my web config, now my question is, is there any way to hide these credentials or encrypt it. Which approach is best for security of Database credentials in Web config files. My ASP.Net UI is interacting with WCF service that is intern interacting with Entity Framework, in which projects I should keep these connection strings and what is the best approach for security. Thanks in advance.
Thanks & Regards, Abdul Aleem Mohammad St Louis MO - USA
-
Hi All, I have an asp.Net application which is using Entity Framework to connect to the Database and for DML operations. So I am using User Name and Password in my web config, now my question is, is there any way to hide these credentials or encrypt it. Which approach is best for security of Database credentials in Web config files. My ASP.Net UI is interacting with WCF service that is intern interacting with Entity Framework, in which projects I should keep these connection strings and what is the best approach for security. Thanks in advance.
Thanks & Regards, Abdul Aleem Mohammad St Louis MO - USA
You may want to read up on Basic Security Practices for Web Applications[^]... Specifically Access Databases Securely, there's a little bit on using integrated security. I hope this helps some.
"Any sort of work in VB6 is bound to provide several WTF moments." - Christian Graus
-
Hi All, I have an asp.Net application which is using Entity Framework to connect to the Database and for DML operations. So I am using User Name and Password in my web config, now my question is, is there any way to hide these credentials or encrypt it. Which approach is best for security of Database credentials in Web config files. My ASP.Net UI is interacting with WCF service that is intern interacting with Entity Framework, in which projects I should keep these connection strings and what is the best approach for security. Thanks in advance.
Thanks & Regards, Abdul Aleem Mohammad St Louis MO - USA
indian143 wrote:
My ASP.Net UI is interacting with WCF service that is intern interacting with Entity Framework, in which projects I should keep these connection strings
It needs to be kept in the WCF service layer
You can refer the article on Task Management System that uses the similar technologies that you are using in your project. That may help you.[^]
Niladri Biswas (Code Project MVP 2012)