- ABP Framework version: v4.2.2
- UI Type: Angular
- Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..) SQL Server
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
How we can use secure DB connection string as currently it is plain text string in setting file.
11 Answer(s)
-
0
Hi
You can override MultiTenantConnectionStringResolver https://docs.abp.io/en/abp/4.2/Connection-Strings#replace-the-connection-string-resolver the resolver which is listed here and use string encryption to encrypt and decrypt https://docs.abp.io/en/abp/latest/String-Encryption
https://docs.abp.io/en/abp/4.2/Customizing-Application-Modules-Overriding-Services
https://github.com/abpframework/abp/blob/rel-4.2/framework/src/Volo.Abp.MultiTenancy/Volo/Abp/MultiTenancy/MultiTenantConnectionStringResolver.cs
-
0
Hello Anjali, Sorry but i couldn't follow your instructions. Do you have some simple step document or sample where
- i can encrypt plain text db connection string in api cofig file and use it
- if i have to do any changes in the code then what steps i have to follow. Please share a step by step instruction and example.
-
0
Why do you even want to do that? That connection string is not visible to the public. See here
Normally you configure your db server to only allow connections from specific ip addresses and/or you take additional security measurements.
If using SQL server for example, you can take a look here https://learn.microsoft.com/en-us/sql/connect/ado-net/sql/sql-server-security?view=sql-server-ver16
if you still want to encrypt the connection string, you can try implementing your own ConnectionStringResolver to do something with String Encryption
-
0
if you still want to encrypt the connection string, you can try implementing your own ConnectionStringResolver to do something with String Encryption
Can you help me to get an example?
-
0
why don't you use environment variables. ABP uses ASP.NET Core's standard configuration class and you can store connection string or any other appsettings.json configuration in several places. See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration
-
0
Thanks Alper. I am not sure if env. variable will work in containers and cloud PaaS services. Azure kye Vault is another best suitable approach for me. Can you help me how i can use it to store and get my connection string with ABP framework. Please share some sample.
Thanks again.
-
0
You can refer to this: https://learn.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-7.0
or this:
https://stackoverflow.com/questions/68224000/using-keyvault-secrets-to-override-appsettings-in-azure-app-service-and-locally
just search google for something like
azure key vault asp .net core appsettings.json
and you'll find plenty of resources about that topic. -
0
Thanks @jfistelmann.
Is it possible that i keep some placeholder in connection string and replace that placeholder in code with the actual value? if yes, what exactly i have to do?
-
0
Thanks @jfistelmann.
Is it possible that i keep some placeholder in connection string and replace that placeholder in code with the actual value? if yes, what exactly i have to do?
With this here you can do anything you imagine :) by just implementing your own
ConnectionStringResolver
-
0
Thanks @jfistelmann. Can you please share some expample to create new middle layer
-
0
Thanks @jfistelmann. Can you please share some expample to create new middle layer
You just need to implement the interface and ensure it's added to the ServiceProvider. Are you experiencing any issues with that?