Using CipherSafe.NET™

Let us assume that you are developing a Web application, which connects to a Microsoft® SQL Server® using SQL authentication (i.e. via user ID and password). This example illustrates how to use CipherSafe.NET™ to define a database connection string for your Web application and retrieve its value at run time.

Notes: This example applies to version 1.2 of the product. While it does not mention additional features - such as ability to store encrypted profile values in application configuration files - offered in most recent versions, it must be sufficient for giving a general idea about the product functionality. Layouts of the application windows and dialog boxes could also be modified, but they should still be good enough for the purpose of this example.

Step 1: Development

[Estimated time: 2 minutes]
During application development, add a reference to the CipherSafe.NET™ library (CipherSafe.dll) to your ASP.NET project (by default, the DLL must be installed in the C:\Program Files\Obviex\CipherSafe folder). In the Web application code (presumably, in code-behind), create an instance of the ApplicationProfile class and use its indexer to retrieve the profile value holding the connection string. This sample assumes that the profile value is named 'Connection String (SQL Server)', but the name can be anything, as long as it matches the name defined by an administrator when the application is deployed. Note: CipherSafe.NET™ provides import/export features, which greatly simplify the process of creation and population of application profiles and allow to keep the names of profile values in synch.

// C# CODE SAMPLE
...
using Obviex.CipherSafe;
using System.Data;
...
public class MyPage: Obviex.Web.Common.CommonPage
{
  ...
  private void DoSomething()
  {
    ...
    // Create an application profile object for the running Web application.
    // Category.WebApp indicates that we are expecting to retrieve a
    // profile of the immediate virtual directory, which is define as
    // IIS application.
    ApplicationProfile app = ApplicationProfile.GetProfile(Category.WebApp);

    // Assuming that the MakeSqlCall method expects a parameter
    // containing the database connection string, we can pass it directly
    // to the method, using the application profile's string indexer.
    // Alternatively, we can assign the value to a local variable,
    // or a variable with the application, session, or current application
    // domain scope, but in this case we will hold the plain text value
    // in memory longer than it may need to be.
    DataSet records = MakeSqlCall(app["Connection String (SQL Server)"]);
    ...
  }
}

This cannot be more simple, but if you want to see a more detailed example, check one of our samples.

Step 2: Deployment

[Estimated time: 3 minutes]
After your application is deployed, use the CipherSafe.NET™ GUI tool to create a new application profile for your Web application. Note: This step is performed once per application and can be automated.

Using the New Application Profile dialog, specify the properties of the new application profile. In this example, we will use the default Web site, which means that only ASP.NET pages belonging to the root folder of the default Web site and its subfolders, which are not defined as IIS applications, will be allowed to retrieve application profile values. Along with other properties, you can specify Windows® users and groups, which will be allowed to administer this application profile.

Now, add a new value to the application profile you just created.

Using the New Profile Value dialog, define the connection string, giving it the same name you used in the application code. The dialog provides facilities for building and testing connection strings. Note: While this example uses a connection string, profile values can hold other data, such as passwords, passphrases, encryption keys, etc.

After you create the profile value, CipherSafe.NET™ will encrypt it and store in the Windows® registry. (Note: To save encrypted profile values in the application configuration file, you must define the application as the Configuration File type; this option is available starting with version 1.3 of the product.) Whenever you want to change the profile value, simply double-click it in the main application window and use the same dialog to set its data and/or name.

You can also test the database connectivity of the profile values containing connection strings directly from the main application window without having to view their plain text values.

Note: CipherSafe.NET™ provides automation features allowing to easily create application profiles and/or populate them with values without having to go through step 2. For more information, check the product documentation.