edmx connection string

  • Thread starter Thread starter Gerhard
  • Start date Start date
G

Gerhard

I am working on a Silverlight Business Application. I need to change the
connection string in code to use a specific user and password in Production.
I don't want the password sitting in a web.config file. How can I do this?
Thanks.
 
Gerhard said:
I am working on a Silverlight Business Application. I need to change the
connection string in code to use a specific user and password in
Production.
I don't want the password sitting in a web.config file. How can I do
this?
Thanks.
Click to expand...

Make sure you are asking the right question here, as the connection string
being configurable but not in .config is possible, but it is often better to
encrypt the string. If you want a user specific connection, you can use to a
trusted connection, which forces user log in. But if you want a single
account (SQL, not windows, auth), then you end up having to store that
string somewhere, and encrypting the string with the mechanisms present in
the web security namespace are the easiest methods of getting it done.

To easily deploy this, you can set the machine keys yourself, which also
solves the web farm problem.

--
Peace and Grace,
Greg

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

************************************************
| Think outside the box! |
************************************************
 
Thanks. Is there a tutorial on how to encrypt the string with the mechanisms
present in the web security namespace
 
Gerhard said:
Thanks. Is there a tutorial on how to encrypt the string with the
mechanisms
present in the web security namespace
Click to expand...

Not directly, but there are complementary methods that will automagically
unencrypt on the server.

This will work for a single machine (does not work for a farm, as it uses
the machine's keys):
http://msdn.microsoft.com/en-us/library/ms998280.aspx

The above is very secure, but also takes a bit of work. The easier method
is:
http://wiki.asp.net/page.aspx/1155/encrypt-connectionstrings-section-of-webconfig/

To set the machine keys easily:
http://aspnetresources.com/tools/keycreator.aspx

Also note that there is a facility in the Enterprise Library
(http://msdn.microsoft.com/en-us/library/dd203099.aspx) for encrypting
configuration elements, if you prefer to go that direction.

--
Peace and Grace,
Greg

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

************************************************
| Think outside the box! |
************************************************
 
Gregory said:
Not directly, but there are complementary methods that will
automagically unencrypt on the server.

This will work for a single machine (does not work for a farm, as it
uses the machine's keys):
http://msdn.microsoft.com/en-us/library/ms998280.aspx

The above is very secure, but also takes a bit of work. The easier
method is:
http://wiki.asp.net/page.aspx/1155/encrypt-connectionstrings-section-of-webconfig/


To set the machine keys easily:
http://aspnetresources.com/tools/keycreator.aspx

Also note that there is a facility in the Enterprise Library
(http://msdn.microsoft.com/en-us/library/dd203099.aspx) for encrypting
configuration elements, if you prefer to go that direction.
Click to expand...

Also, when creating the EF model, it's asked do you want to encrypt the
connection string.

The psw for SQL Server login should be encrypted too with some kind of
shift-key none shift-key alph-numeric-special keys combination to even
login to SQL Server at the SQL Server Manager.
 
Back
Top