Storing Sensitive Information Using ASP.NET
Often in an ASP.NET application you are required to make use of highly sensitive information. For example, you may need to use a user ID and password to connect to a database or you may be storing user IDs and passwords that customers use to access your application. While you can use secure sockets layer (SSL) to encrypt information as it is passed over the network, that information must also be protected when it is stored both on the server and on the client. This topic covers some general guidelines for storing sensitive information.
For more information about how to store sensitive information, see Improving Web Application Security: Threats and Countermeasures on the MSDN Web site.
The best way to avoid exposing sensitive information in an application is not to store it. Minimize the places where sensitive information is stored. Avoid storing sensitive information for your application in a cookie or a control that is persisted in the browser, which would expose the sensitive information to clients of your application. Avoid storing sensitive information in your application logic. Instead, retrieve the sensitive information from a secure configuration location or from the client.
When you do store sensitive information, avoid storing it in human-readable text or in an easily decoded format, such as Base64 encoding. Instead, encrypt the information so that, if it is exposed to an attacker somehow, the attacker cannot easily determine what the sensitive information contains.
If the sensitive information needs only to be verified and not decrypted to a human-readable format, encrypt the sensitive information using a one-way hash. Then, when comparing the sensitive information received from a source that is being validated, hash the value received and compare the hashes for verification. For example, if you are using ASP.NET Membership and Forms Authentication to provide user authentication for your application, set the password format to Hashed so that passwords are encrypted using a one-way hash when they are stored in the data source or compared for validation.
When storing sensitive information such as connection strings, user credentials, or encryption keys in the Web.config file for an application, encrypt the sensitive sections of the Web.config file using a protected configuration provider. For more information about protected configuration, see Encrypting Configuration Information Using Protected Configuration.
For more information about using encryption to protect sensitive information, see .NET Framework Cryptography Model.
When storing sensitive information in files, databases, the registry, or other locations, use NTFS Access Control Lists and database permissions to restrict access to the information to only the required sources and only the require access. For more information, see your database documentation or ASP.NET Required Access Control Lists (ACLs).