2

Is it possible to encrypt a database connection string and deploy it to a Windows Azure Website? (NOT a Windows Azure Web Role) If so, how?

The reason I ask is because I can't find examples or documentation anywhere as to how to perform this specifically with Azure Websites. (I'd like to use the "Shared" web site mode)

I have found the following resources, which come close to what I want, but utilize Web Roles instead of Websites:
http://archive.msdn.microsoft.com/pkcs12protectedconfg http://blogs.msdn.com/b/windowsazure/archive/2010/09/09/securing-your-connection-string-in-windows-azure-part-3.aspx

Improve this question

1 Answer 1

Reset to default
8

The proper way to use connection strings on Azure Websites is to add "debug" connection strings to your web.config file (and by "debug" it can be a local db/storage or any string that is safe to share - empty string).

On the Azure portal go to your Azure website --> CONFIGURE tab and under connection strings sections add your actual connection strings with the same names as used in your web.config file, there the connection string are saved as encrypted strings.

The website code will get the proper connection string you set in the Azure portal.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Yes, this is a good approach to securing the connection string. However, I'm also looking to encrypt sections of the web config that contain sensitive keys. The idea being that if someone gains access to the Azure Management Portal, they'll still not be able to access those values. Encrypting web.config with PKCS12 makes this possible. I just don't know how to deploy the certificate to an Azure Website.
If one can access your Azure portal, he can get the publishing profile, then add code to your site which reads those encrypted strings...
That's a good point. I guess I should be using a certificate to encrypt the data instead of keys in an encrypted web.config section.
Follow the directions on this website in order for PKCS12 to work with Azure websites. Be mindful that your project must be a Azure Cloud Service published via a web role. link
Actually - this process is a bit more up to date and would be better to follow link
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.