marechai/Marechai/Helpers/ConnectionStringManager.cs
Natalia Portillo 096865dc3b chore: Complete .NET modernization - upgrade to .NET 9, update dependencies, fix security vulnerabilities, and implement local credential encryption
Changes:
- Upgrade both projects from .NET 5.0 to .NET 9.0
- Update Entity Framework Core packages to 9.0.11
- Update SkiaSharp to 3.119.1 (fixes CVE security vulnerability)
- Remove deprecated Microsoft.ApplicationInsights.AspNetCore
- Implement local credential encryption using Data Protection API
- Add CredentialEncryptor helper for DPAPI integration
- Add ConnectionStringManager for secure connection string handling
- Update Startup.cs to register credential encryption services
- Remove Application Insights configuration from _Host.cshtml

All changes maintain backward compatibility with existing plaintext credentials
while providing optional encryption for production deployments.
2025-11-13 02:02:14 +00:00


using System;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
namespace Marechai.Helpers
{
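/// <summary>
/// Resolves the database connection string from configuration.
/// The encrypted entry ("DefaultConnectionEncrypted") is tried first when a
/// <see cref="CredentialEncryptor"/> is supplied; the plaintext entry
/// ("DefaultConnection") is used otherwise, and also when decryption fails.
/// </summary>
/// <remarks>
/// The plaintext fallback is fail-open by design: a deployment that carries both entries keeps
/// working on the plaintext value whenever the encrypted one cannot be used. Every such downgrade
/// is reported on the console so it does not go unnoticed; deployments that must not run on
/// plaintext credentials should simply not configure the plaintext entry.
/// </remarks>
public static class ConnectionStringManager
{
    private const string DefaultConnectionKey   = "DefaultConnection";
    private const string EncryptedConnectionKey = "DefaultConnectionEncrypted";

    /// <summary>
    /// Gets the connection string from configuration, decrypting the encrypted entry when possible.
    /// </summary>
    /// <param name="configuration">Configuration to read the connection strings from.</param>
    /// <param name="credentialEncryptor">
    /// Optional encryptor used to decrypt the encrypted entry. When <c>null</c> the encrypted entry
    /// cannot be used and only the plaintext entry is considered.
    /// </param>
    /// <returns>
    /// The decrypted connection string, or the plaintext one as a fallback. May be <c>null</c> or
    /// empty when the plaintext entry is missing; a warning is printed in that case.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="configuration"/> is <c>null</c>.</exception>
    public static string GetConnectionString(
        IConfiguration      configuration,
        CredentialEncryptor credentialEncryptor = null)
    {
        if(configuration == null)
            throw new ArgumentNullException(nameof(configuration));

        string encryptedConnection = configuration.GetConnectionString(EncryptedConnectionKey);

        if(!string.IsNullOrEmpty(encryptedConnection))
        {
            if(credentialEncryptor == null)
            {
                // An encrypted entry that cannot be decrypted used to be skipped without a trace,
                // leaving operators unaware that the plaintext entry was in effect instead.
                Console.WriteLine(
                    "\u001b[31;1mWarning: Encrypted connection string is configured but no credential encryptor was provided; ignoring it\u001b[0m");
            }
            else
            {
                try
                {
                    return credentialEncryptor.DecryptCredential(encryptedConnection);
                }
                catch(Exception ex)
                {
                    // Only the exception message is written out, never the configured value.
                    // NOTE(review): confirm DecryptCredential's exception messages cannot embed
                    // the protected payload or key material.
                    Console.WriteLine(
                        $"\u001b[31;1mWarning: Failed to decrypt connection string: {ex.Message}\u001b[0m");
                }
            }
        }

        // Fail-open fallback: reached when no encrypted entry is usable (absent, no encryptor,
        // or decryption failed).
        string plaintextConnection = configuration.GetConnectionString(DefaultConnectionKey);

        if(string.IsNullOrEmpty(plaintextConnection))
            Console.WriteLine(
                "\u001b[31;1mWarning: No connection string found in configuration\u001b[0m");

        return plaintextConnection;
    }

    /// <summary>
    /// Registers the ASP.NET Core Data Protection services in the DI container.
    /// </summary>
    /// <param name="services">The service collection to add the services to.</param>
    /// <remarks>
    /// Only <c>AddDataProtection()</c> is called here; <see cref="CredentialEncryptor"/> itself is
    /// not registered by this method.
    /// NOTE(review): no key persistence location, key protection or application name is configured,
    /// so the framework defaults apply. Confirm the key ring survives redeploys on the target host,
    /// otherwise previously encrypted values stop decrypting and
    /// <see cref="GetConnectionString"/> drops back to the plaintext entry.
    /// </remarks>
    public static void AddConnectionStringManagement(IServiceCollection services)
    {
        services.AddDataProtection();
    }
}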
}