It’s possible to encrypt a connection string stored in web.config on a shared host where you don’t have access to the command line. Just create an aspx page that toggles the encryption status of the connection string like this:
EncryptConfigConnectionString.aspx
1 <%@ Page Language=”VB” %>
2
3 <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
4
5 <%@ Import Namespace=”System.Data.SqlClient” %>
6 <%@ Import Namespace=”System.Web.Configuration” %>
7
8 <script runat=”server”>
9
10 Protected Sub EncryptButton_Click(ByVal sender As Object, ByVal e As System.EventArgs)
11 Try
12 ‘ Open the configuration file and retrieve
13 ‘ the connectionStrings section.
14 Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(“~/”)
15
16 Dim section As ConnectionStringsSection = DirectCast( _
17 config.GetSection(“connectionStrings”), _
18 ConnectionStringsSection)
19
20 If section.SectionInformation.IsProtected Then
21 ‘ Remove encryption.
22 section.SectionInformation.UnprotectSection()
23 Else
24 ‘ Encrypt the section.
25 section.SectionInformation.ProtectSection( _
26 “DataProtectionConfigurationProvider”)
27 End If
28
29 ‘ Save the current configuration.
30 config.Save()
31
32 EncryptLabel.Text = “Protected=” & section.SectionInformation.IsProtected
33 EncryptLabel.ForeColor = Drawing.Color.Green
34
35 Catch ex As Exception
36 EncryptLabel.Text = ex.Message & ” (You might need to impersonate an account with permissions to update the web.config file)”
37 EncryptLabel.ForeColor = Drawing.Color.Red
38 End Try
39 End Sub
40
41 </script>
42
43 <html xmlns=”http://www.w3.org/1999/xhtml”>
44 <head id=”Head1″ runat=”server”>
45 <title>Manage Connection String</title>
46 </head>
47 <body>
48 <p>
49 This form will toggle the encryption of the Connection String in the web.config file.<br />
50 In order for it to run, you must first have ASP.NET <a href=”http://aspnet.4guysfromrolla.com/articles/041002-1.aspx”>impersonate the owner user</a> by changing<br />
51 the configuration setting \configuration\system.web\identity in web.config.
52 </p>
53 <form id=”form1″ runat=”server”>
54 <asp:Button ID=”EncryptButton” runat=”server” Text=”Toggle Encryption” OnClick=”EncryptButton_Click” /><br />
55 <asp:Label ID=”EncryptLabel” runat=”server” Text=””></asp:Label><br />
56 </form>
57 </body>
58 </html>
But before you can use this to toggle the encryption of your connection string you must temporarily let the page run with your account’s permissions. To do this, add the following <identity impersonate … /> to your system.web section of your web.config. Don’t forget to remove this tag when you are finished!
web.config
…
24 <system.web>
25 <!– The following is necessary when programmatically changing encrypted connectionStrings –>
26 <identity impersonate=“true“ userName=“userName“ password=“password“ />
…