C# 在 app.config 中加密连接字符串
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11637348/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Encrypt connection string in app.config
提问by Blade3
I am having trouble encrypting a connection string in app.config. I have code that will protect the connectionStrings section of app.config, but the password is still displayed in plain text.
我在 app.config 中加密连接字符串时遇到问题。我有可以保护 app.config 的 connectionStrings 部分的代码,但密码仍以纯文本形式显示。
I need to encrypt the connection string in so it is not in plain text when deployed. I see similiar questions on SO for web.config, but not app.config.
我需要加密连接字符串,以便在部署时它不是纯文本。我看到关于 web.config 的 SO 的类似问题,但不是 app.config。
采纳答案by John Mitchell
Have a look at This Articleit has some very useful examples. You're basically looking for System.Configuration.SectionInformation.ProtectSectionto help you out here.
看看这篇文章,它有一些非常有用的例子。您基本上是在寻找System.Configuration.SectionInformation.ProtectSection帮助您的人。
Also have a peek at Implementing Protected Configuration
还可以看一下实现受保护的配置
回答by benoit
You can easily apply the same solution as the web.config you just have to rename your app.config to web.config, encrypt with the aspnet_regiis tool and then rename it back to app.config.
您可以轻松地应用与 web.config 相同的解决方案,您只需将 app.config 重命名为 web.config,使用 aspnet_regiis 工具加密,然后将其重命名回 app.config。
- Rename app.config to web.config
- Open command prompt and type:
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" c:\<folder containing your web.config>(stop at folder level and don't put the trailing "\") - rename web.config back to app.config
- 将 app.config 重命名为 web.config
- 打开命令提示符并键入:(
%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" c:\<folder containing your web.config>在文件夹级别停止并且不要添加尾随的“\”) - 将 web.config 重命名回 app.config
You can open it in notepad to see the encrypted file. In visual studio you will see it's decrypted. You can use your connection string the same way as if it was not encrypted.
您可以在记事本中打开它以查看加密文件。在 Visual Studio 中,您将看到它已解密。您可以像未加密一样使用连接字符串。
回答by Salem Ahmed
Define the location of configFile
定义config文件的位置
Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
if you want to encrypt connectionStrings
如果你想加密 connectionStrings
config.ConnectionStrings.SectionInformation.ProtectSection(Nothing);
you must be aware of app config portions
您必须了解应用程序配置部分
so if you want to encrypt AppSettings
所以如果你想加密 AppSettings
config.AppSettings.SectionInformation.ProtectSection(Nothing);
回答by anantha Krishnan
? Rename App.config file to web.config<br>? Run Command prompt as admin:
? 重命名App.config file to web.config<br>?以管理员身份运行命令提示符:
For encrypt:
对于加密:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings"your project location within quotes and -prov "DataProtectionConfigurationProvider"
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings"您在引号内的项目位置和 -prov "DataProtectionConfigurationProvider"
Ex:
前任:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "connectionStrings" "D:\location\location1\location" -prov "DataProtectionConfigurationProvider"
For Decrypt:
对于解密:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings"your project location within quotes.
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings"您在引号内的项目位置。
Ex:
前任:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pdf "connectionStrings" "D:\location1\location"
For error:
对于错误:
Add this in Configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"
在配置中添加这个 xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"
Like this:
像这样:
? Finally, Rename web.configto App.Config
? 最后,重命名web.config为App.Config
回答by stigzler
A way to automate this:
一种自动化的方法:
ProjectSettings > Compile > BuildEvents > Edit Post-build
ProjectSettings > Compile > BuildEvents > Edit Post-build
Paste the code below:
粘贴下面的代码:
SET ApplicationName=YourAppWithoutExtention
echo.
echo POST BUILD ACTIONS
echo ====================
if EXIST web.config (
echo Deleting web.config
DEL web.config
)
echo Renaming %ApplicationName%.exe.config to web.config
REN %ApplicationName%.exe.config web.config
echo Running aspnet_regis against webconfig
SET rpath=%windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "$(TargetDir)
SET rpath=%rpath:~0,-1%"
echo Path: %rpath%
%rpath%
echo Renaming web.config to %ApplicationName%.exe.config
REN web.config %ApplicationName%.exe.config
echo Done.
Replacing "YourAppWithoutExtention" with your app name.
用您的应用程序名称替换“YourAppWithoutExtention”。
Then every time it builds, it will automatically encrypt your app.config.
然后每次构建时,它都会自动加密您的 app.config。
回答by Ned
Additionally, If there is anyone who wants to encrypt and decrypt connection strings in web farmshere are the steps:
此外,如果有人想要加密和解密网络农场中的连接字符串,请执行以下步骤:
Create an RSA key:
aspnet_regiis -pc "MyKeys" -expGrant access for application pool identity to this key:
aspnet_regiis -pa "MyKeys" "IIS AppPool\ApplicationPoolName" -fullAdd RSA provider to the web.config:
<configuration> <configProtectedData> <providers> <add name="MyProvider" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName="MyKeys" useMachineContainer="true" /> </providers> </configProtectedData> </configuration>Encrypt web.config by using the RSA provider:
aspnet_regiis -pe "connectionStrings" -app "/MyApplication" -prov "MyProvider"Note: You can use the alternative syntax like the one we did for a single server scenario. Example:ASPNET_REGIIS -pef "connectionStrings" "D:\inetpub\wwwroot\applicationFolder" -prov "MyProvider"- Open the web.config and confirm that the connection string is encrypted
- Test the site and confirm that it is working
- Try decrypting the web.config. Create a test.aspx file with the code below inside. Browse it to see the decrypted file
- Export the RSA key to the C drive:
aspnet_regiis -px "MyKeys" "c:\keys.xml" -pri - Copy this file to the second server in the web farm
- Import it in that server:
aspnet_regiis -pi "MyKeys" "c:\keys.xml" - Grant access to this key (same as Step 2)
- Test the application in the second server
创建 RSA 密钥:
aspnet_regiis -pc "MyKeys" -exp授予此密钥的应用程序池身份访问权限:
aspnet_regiis -pa "MyKeys" "IIS AppPool\ApplicationPoolName" -full将 RSA 提供程序添加到 web.config:
<configuration> <configProtectedData> <providers> <add name="MyProvider" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName="MyKeys" useMachineContainer="true" /> </providers> </configProtectedData> </configuration>使用 RSA 提供程序加密 web.config:
aspnet_regiis -pe "connectionStrings" -app "/MyApplication" -prov "MyProvider"注意:您可以使用替代语法,就像我们为单个服务器场景所做的那样。例子:ASPNET_REGIIS -pef "connectionStrings" "D:\inetpub\wwwroot\applicationFolder" -prov "MyProvider"- 打开 web.config 并确认连接字符串已加密
- 测试站点并确认其正常工作
- 尝试解密 web.config。创建一个包含以下代码的 test.aspx 文件。浏览它以查看解密文件
- 将 RSA 密钥导出到 C 盘:
aspnet_regiis -px "MyKeys" "c:\keys.xml" -pri - 将此文件复制到 Web 场中的第二台服务器
- 将其导入该服务器:
aspnet_regiis -pi "MyKeys" "c:\keys.xml" - 授予对此密钥的访问权限(与步骤 2 相同)
- 在第二台服务器上测试应用程序
Source: How to encrypt and decrypt connection strings
来源:如何加密和解密连接字符串
