Encrypting and using LocalSqlServer connection string

Can anyone help? I have encrypted and made use of my "regular" connection string without anthing more than an encrypyted key value in web.config that is accessed in my code. However, I can't seem to apply the logic to the "LocalSqlServer" connection string. Below is my code in global.asax. LocalSqlServer uses exactly the same connection string as my "regular" connection string (it's in the same database).


Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)


'get the value of the encrypted connection string


Dim fe As Encryption64 = New Encryption64()


Dim ConnectionString As String = fe.DecryptFromBase64String(System.Configuration.ConfigurationManager.AppSettings("ConnectionString"), "12345678")


System.AppDomain.CurrentDomain.SetData("ConnectionString", ConnectionString)


fe = Nothing


'drop the LocalSqlServer connection and apply the sameconnection string to it


Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(System.Reflection.Assembly.GetExecutingAssembly.Location)


Dim strConnectionString = System.AppDomain.CurrentDomain.GetData("ConnectionString")


config.ConnectionStrings.ConnectionStrings.Remove("LocalSqlServer")


Dim conStrSettings As ConnectionStringSettings = New ConnectionStringSettings("LocalSqlServer", strConnectionString)


config.ConnectionStrings.ConnectionStrings.Add(conStrSettings)


config.Save()


config = Nothing


End Sub


I don't really want to "save" the value of the connection string in my web.config file (it would defeat the purpose of encryption), but it doesn't save anyway, and my application doesn't recognise the new LocalSqlServer connection when I try to log in.


SteveC

 

I got zero responses on this post, but have persisted down a new path. I think a nice, neat way to make use of your encryted connection string is to:


1. Add the encrypted value in the "appSettings" section of web.config.


2. Retrieve the decrypted value on startup.


3. Create acustom MembershipProvider class and assign the decrypted value to its connection string property.


The only problem is that I can't get any methods in my new custom MembershipProvider class to fire. Here's some relevant bits of code:


web.config:
<membership</o>
defaultProvider="CustomMembershipProvider"></o>
<providers></o>
<remove name="AspNetSqlMembershipProvider"/></o>
<add name="CustomMembershipProvider"</o>
type="System.Web.Security.SqlMembershipProvider"</o>
connectionStringName="a connectionStringname in connections section"
</o> ...
</o> ...
</o> ...
/></o>
</providers></o>
</membership></o>

app_code\class_1.vb class module:

Public MustInherit Class CustomMembershipProvider
Inherits SqlMembershipProvider</o>
</o>
Public Overrides Sub Initialize(ByVal name As String, ByVal config As NameValueCollection)</o>

</o>
MyBase.Initialize(name, config)
Dim sqlConnectionStringField As FieldInfo = Nothing</o>
Dim mp As Type = GetType(SqlMembershipProvider)</o>
sqlConnectionStringField = mp.GetField("_sqlConnectionString", System.Reflection.BindingFlags.Instance Or System.Reflection.BindingFlags.NonPublic)</o>
sqlConnectionStringField.SetValue(Me, "mydecryptedstringvalue")</o>
End Sub</o>
End Class</o>

When the CustomMembershipProvider is encountered in web.config, the Initialize method of the CustomMembershipProvider is supposed to fire, but it doesn't. I have tried adding other methods like ValidateUser, but none will fire.

Another thing that bothers me is that a connectionStringname is required when adding a new MembershipProvider in web.config; my only hope is that this requirement will be negated upon successful firing of a method in the newly-created class. If this can't be negated, I'm back to square one, in that I would have to include a valid connection string in web.config.

SteveC