So you want to secure your connections string in web.config…

but you don’t control the webserver box (i.e. it is on a webhost somewhere out in the world).

I asked how to do this with DPAPI when you don’t control the webserver. Paul Glavich and Rich Dudley were way ahead of me on this one. They both write web apps that can do the DPAPI on the webserver, then they remove the apps from the server! Aha. That, I can do!

Here is Rich’s solution which leverages the DPAPI wrapper that Carl Franklin wrapped up after DevDays last year.

Here is Glav’s download page where he has his DPAPI wrapper.

The irony here is that I talked about this at DevDays and wrote about it too. I even did it on servers that I have control over, but, I never did get to the two applications that are hosted elsewhere because of this problem.

TechEd Speakers Charity Auction

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.