You are viewing a plain text version of this content. The canonical link for it is here.
Posted to log4net-user@logging.apache.org by UniqueDisplayName <fa...@bmico.com> on 2016/01/25 21:54:32 UTC
Encrypt connection string in Log4Net configuration
I am trying to encrypt the log4net section to hide the username and password
in the connection string. To do this I'm using .Net's implementation of
encrypting the config file. The code is as follows:
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSection section = config.GetSection("log4net");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
}
The same approach can be seen in this post:
http://stackoverflow.com/questions/13688744/log4net-error-when-encrypting-config-file.
The beauty of this approach is that your application will decrypt the config
file at runtime, but for some reason this doesn't seem to be working with
log4net. It works fine with other 3rd parties such as Entity Framework. I'm
hoping I can get some advice on getting this to work. It feels like it's an
issue with log4net grabbing the config file before .Net has a chance to
decrypt it but I'm not quite sure how to fix it. Any advice would be great.
FWIW, this is an MVC site using .Net 4.5 and log4net 2.0.5.
Thank You,
UDN
--
View this message in context: http://apache-logging.6191.n7.nabble.com/Encrypt-connection-string-in-Log4Net-configuration-tp61227.html
Sent from the Log4net - Users mailing list archive at Nabble.com.
RE: Encrypt connection string in Log4Net configuration
Posted by UniqueDisplayName <fa...@bmico.com>.
Thank you Joe Joe-3, that worked out perfectly for me. I really appreciate
the advice/help. For those who may come across this in the future, here's
what my code/config looks like.
*Web.config*
<log4net>
<root>
<level value="All" />
<appender-ref ref="AdoNetAppender" />
</root>
<appender name="AdoNetAppender" type="log4net.Appender.AdoNetAppender">
<bufferSize value="1" />
<connectionType value="System.Data.SqlClient.SqlConnection,
System.Data, Version=1.0.3300.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" />
<connectionStringName value="Log4Net"/>
..........
</log4net>
<connectionStrings>
<add name="Log4Net" connectionString="data source=ServerName;initial
catalog=DatabaseName;User Id=UserID;Password=Somepassword"
providerName="System.Data.EntityClient" />
</connectionStrings>
*Encryption Method in Code Behind*
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSection section = config.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
}
I call the encryption method at startup of my website. It will encrypt the
connectionStrings section of the file at rest and leave it encrypted forever
unless you decrypt it. If anyone has any questions in the future feel free
to reach out.
Once again thank you for the advice Joe,
UDN
--
View this message in context: http://apache-logging.6191.n7.nabble.com/Encrypt-connection-string-in-Log4Net-configuration-tp61227p61259.html
Sent from the Log4net - Users mailing list archive at Nabble.com.
RE: Encrypt connection string in Log4Net configuration
Posted by Joe <Jo...@hotmail.com>.
I would do this as follows:
- Use connectionStringName in the log4net ADONetAppender configuration to specify the name of a connection string in the "connectionStrings" configuration section
- Encrypt the connectionStrings configuration section.
I believe log4net reads its configuration as XML rather than as a .NET configuration section, which is why protected configuration doesn't work.
-----Original Message-----
From: UniqueDisplayName [mailto:falamo@bmico.com]
Sent: 25 January 2016 21:55
To: log4net-user@logging.apache.org
Subject: Encrypt connection string in Log4Net configuration
I am trying to encrypt the log4net section to hide the username and password in the connection string. To do this I'm using .Net's implementation of encrypting the config file. The code is as follows:
Configuration config = WebConfigurationManager.OpenWebConfiguration("~/");
ConfigurationSection section = config.GetSection("log4net"); if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
config.Save();
}
The same approach can be seen in this post:
http://stackoverflow.com/questions/13688744/log4net-error-when-encrypting-config-file.
The beauty of this approach is that your application will decrypt the config file at runtime, but for some reason this doesn't seem to be working with log4net. It works fine with other 3rd parties such as Entity Framework. I'm hoping I can get some advice on getting this to work. It feels like it's an issue with log4net grabbing the config file before .Net has a chance to decrypt it but I'm not quite sure how to fix it. Any advice would be great.
FWIW, this is an MVC site using .Net 4.5 and log4net 2.0.5.
Thank You,
UDN
--
View this message in context: http://apache-logging.6191.n7.nabble.com/Encrypt-connection-string-in-Log4Net-configuration-tp61227.html
Sent from the Log4net - Users mailing list archive at Nabble.com.