I'm trying to develop a C# Winform application, which connects to SQL database.
So far I was able to move the most sensitive data from my XML configuration file to an external XML configuration file, but that's it.
The last thing I have to do is to encrypt that file, as many people will have access to a directory in which application is located.
My main [APP] configuration file looks as follows:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<connectionStrings configSource="conn_string.config"/>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
</startup>
</configuration>
And there is my [conn_string] external configuration file in which I'm trying to hide a connection string:
<?xml version="1.0" encoding="utf-8" ?>
<connectionStrings>
<add name="myConnectionStringName"
providerName="System.Data.SqlClient"
connectionString="Data Source=ServerName;Initial
Catalog=InitialDatabaseName;User=UserName;Password=MyPassword;Application Name=MyAppName" />
</connectionStrings>
Now when it comes to encryption I have read that asp-netregiis.exe is looking only for file named "web"
so I temporarily renamed my "conn_string" file to "web"
And tried the encryption(via developer command line VS):
aspnet_regiis -pef "connectionStrings" "path_to_my_conn_string_file"
The result is: ~My translation
The web.config file doesn't contain a configuration tag
So I added one like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="myConnectionStringName"
providerName="System.Data.SqlClient"
connectionString="Data Source=ServerName;Initial
Catalog=InitialDatabaseName;User=UserName;Password=MyPassword;Application Name=MyAppName" />
</connectionStrings>
</configuration>
Now it complains about: ~Again my translation
File format configSource must be an element conatining section name
The steps you are taking that use aspnet_Regiis are really intended for web applications hosted in Internet Information Server (IIS). The file it is looking for is really "web.config." You mentioned that the app being constructed is a winforms application, which isn't a web application. Regular winforms applications are generally configured via a file called "app.config." Visual Studio may have created a base app.config for you depending on the version you're using.
You can "trick" aspnet_Regiis into encrypting your configuration file by temporarily renaming app.config to web.config, and then invoking aspnet_regiis with a flag that points to the exact path of our "phony" web.config:
For simplicity, let's say your initial app.config resides in c:\MyPrograms\MyApp.
Rename app.config to web.config.
From an administrative command prompt, set your current directory to c:\windows\micrsoft.net\framework\v4.0.30319
Invoke aspnet_regiis, using the "-pef" switch to instruct the tool to encrypt a particular section of your web.config:
aspnet_regiis -pef "connectionStrings" c:\MyPrograms\MyApp
If you see a "Succeeded" message, rename your web.config back to app.config, and run your application. .NET should decrypt your connection string automatically at runtime on that machine.
If you need to put this application on other machines, you may need to consider setting up a common encryption key that can be installed on other machines as well as define a provider in web.config that leverages that key. But for now, let's get the basic process working locally, and then worry about the other components once we know this part is working.
Hope this helps!
Related
I have a database in Microsoft SQL Server Management Studio and wish to include this in a project I'm working on. Of course, I could just place the connection string with all the data in the C# program itself, but I wish to do it more secure if possible. I have looked at protected configuration and I'm using the following code from Microsoft: RsaProtectedConfigurationProvider. But when I try to encrypt app.config I get an exception at config.save(ConfigurationSaveMode.Full); with the following message Inner exception ConfigurationErrorsException: Invalid key value.
This is the app.config I use:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="database" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=database;User Id=username;Password=test"/>
</connectionStrings>
</configuration>
To make sure that I have the proper right to encrypt the section I run the application with administrator rights by using the following code in app.manifest: <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
So my question is how can I protect the configuration and how can I access the configuration to make the connection with the database?
I’m a student. And this is my first production level project. I’m developing a WPF application using Entity Framework, which will be running only on a tab. I have problem in choosing a database. Since this application is going to run only on one device and cloud database cannot be used, what would be the best option?
If I use mssql the connection string in my development environment and production environment differs. Am I wrong? If I’m right what would be the solution for having a connection string that works identically in both environments.
Thanks in advance.
Usually you always end up with a different connection string for development (ex: without password) and for production (ex: long password).
C# handles this with App.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<add name="yourname" connectionString="..." providerName="MySql.Data.MySqlClient" />
</connectionStrings>
</configuration>
And then you'll add a transformation file that changes certain values of your App.config depending on the environment where you'll deploy it.
Typically there is an App.Release.config file that updates the connectionString when built in Release mode (versus Debug mode)
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<connectionStrings>
<add name="yourname"
connectionString="productionConnectionStringHere"
xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/>
</connectionStrings>
</configuration>
As to which database you're going to use: It doesn't really matter. Have a look at Sqlite. Or Mongo if you don't have tabular data.
I have an app.config file in Winforms application that holds a connection string. This is to go out to multiple tenant (clients) as a separate file. These clients have different database sources. This config file also holds other version information such as EF, Telerik reporting etc...
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.1" />
and
<section name="Telerik.Reporting"
type="Telerik.Reporting.Configuration.ReportingConfigurationSection, Telerik.Reporting, Version=8.1.14.804, Culture=neutral, PublicKeyToken=a9d7983dfcc261be"
allowLocation="true" allowDefinition="Everywhere" />
The problem I have is when we have an updated version of EF or Telerik reporting with our application and we deploy (auto-deploy) this we need to overwrite the app.config file in the client directory to update the versions in the client config file. They then lose their connection setting and I do not want the client to have to go and re-enter it.
My question:
Is there a best practice to overcome this issue? Should I hold the connection string somewhere else?
Yep, the best thing to do is to move your connection strings section to an another config file and reference that file within your app.config.
For example create a new file called connectionStrings.config:
<connectionStrings>
<add name="Default" connectionString="[client_connection_string] "/>
</connectionStrings>
And in your app.config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings configSource="connectionStrings.config" />
</configuration>
A full example can be found here.
Use an external configuration file that is referenced from the application config file. E.g. include this section in your config file.
<configuration>
<connectionStrings configSource="connections.config"/>
</configuration>
The external config file is described http://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx
Note that storing connection settings in plaintext on a workstation is still a bad idea.
Using Windows registry for stuff like this is a definite no-no these days.
you can try to hold all connection data that you need in separate xml file so it dont get overwrite when you preform a deploy of updated version.
I had developed C# application. and used external tool for themes.
Before creating setup for this application it works fine. and no problem in database connection.
But after creating setup for this application and installing it, connection to database not created.
I have used app.config file for getting connection string. Am I missing something when creating setup or the problem due to external theme?
My app.config code
<?xml version="1.0" encoding="utf-8" ?>
<configuration> <connectionStrings>
<add name="connectionStrings" connectionString="Data Source=SUMEET-PC\SQLSERVERNEW; Initial Catalog=ClothShop;User Id=sa;Password=123;" />
</connectionStrings>
</configuration>
I have a console app, let's call it Test.Console. This app uses a project called Test.Code.
Test.Code is a wrapper to access a database and should have an app.config file containing the connection string.
Test.Console should then access the classes in Test.Code to access what's in the database.
However, when I put the connection string in the app.config in the Code project, it doesn't seem to be able to access it, but when I put it in app.config in the Console project, the code in the Code project seems to be able to access it.
Is there any way that I can put the connection string in the Code project rather than the Console project?
Edit:
App.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<clear />
<add name="ACE" connectionString="data source=servername;database=ACE;userid=username;password=password"/>
</connectionStrings>
</configuration>
In my class:
string connection = ConfigurationManager.ConnectionStrings["ACE"].ConnectionString;
That's it at the moment.
The app.config is exactly that, configuration for the running application.
The running application should be in charge of what databases etc that it connects to, hence the reason the config goes there.