How do I abstract and secure the same connection string from many applications centrally?

Question

I have several web applications running on the same server. All of them have the internal IP address of the database server hardcoded into their Web.config files as well as the username and password for the database. I am in the midst of performing many server upgrades and will have to go through all of those applications and update the connection strings everywhere. I would like to have a centralized and secure place to store the connection string.

Is there a daemon or application I can place on the server that can securely contain the connection string details for the database, provide a 'virtual' connection string for my applications to point at, and tunnel the requests back and forth?

The legacy applications are running LINQ-to-SQL and some of them have been updated to use a bit of Entity Framework.

Answer 1

You can use:

1. PowerShell to update the web.config files (some sample code to get you started below)
2. Web.deploy https://msdn.microsoft.com/en-us/library/vstudio/dd465318(v=vs.100).aspx

$dbServer = ReadHostIfNull $dbServer "Enter name of database server" $dbName = ReadHostIfNull $dbNameSAM "Enter name of SAM database" $dbUserName = ReadHostIfNull $dbUserName "Enter SQL authentication username for database (leave blank for integrated security)"

$connectionString = "Data Source=$dbServer;Initial Catalog=$dbName;$securityPart"

Write-Output "Modifying web.config..."
if($webConfigPath -eq "")
{
    $configFile = Get-WebConfigFile "IIS:/Sites/$webSite/$vDirSAM"
    $webConfigPath = $configFile.FullName
}

$configXml = [xml](Get-Content $webConfigPath)

UpdateAppSetting $configXml "ConnectionString" $connectionString

function UpdateAppSetting
{ param ($configXml, $key, $newValue)
    $configXml.SelectSingleNode("//configuration/appSettings/add[@key = ""$key""]").value = "$newValue"
}