问题描述
我有一些空闲时间,所以我想在公司网站上做一些工作:.Net 2.0在Server 2003计算机上的IIS6下运行.这将是迁移到3.5甚至4.0的第一步.
数据库连接字符串和各种应用程序设置当前嵌入在DLL中.我想将它们迁移到web.config文件中:它们不会经常更改,但是一旦更改,就很难编辑,重新编译和重新部署程序集.出于明显的原因,我想对数据进行加密.
我有一些简单的代码调用SectionInformation.ProtectSection和SectionInformation.UnprotectSection;它适用于加密和解密 appSettings 和 connectionStrings .
尽我所能,安全地编辑此数据需要我复制web.config文件,解密该副本,进行所需的编辑,重新加密并替换旧的配置,这似乎会做得更多比我们现在拥有的要多.我确实尝试通过IIS管理器(在我的测试机上为Vista上的IIS7)进入IIS管理器,但收到有关不支持加密部分的错误;我假设IIS6会有同样的问题.
因此:是否可以就地修改加密部分?如果不是,则将字符串嵌入DLL是否合理安全?
I have some free time, so I would like to do some work on the company website: .Net 2.0 running under IIS6 on a Server 2003 machine. This will be the first steps towards migrating to 3.5, maybe even 4.0.
The database connection strings and various app settings are currently embedded in a DLL. I would like to migrate them into the web.config file: they don''t change often, but when they do, it has been a hassle to edit, recompile and redeploy the assembly. For obvious reasons, I would like to have the data encrypted.
I have some simple code that calls SectionInformation.ProtectSection and SectionInformation.UnprotectSection; it works just fine for encrypting and decrypting appSettings and connectionStrings.
As best as I can find, editing this data securely requires that I make a copy of the web.config file, decrypt that copy, make the desired edits, re-encrypt and replace the old configuration, which seems like it would be more work than what we have now. I did try to go in through IIS Manager (on my test machine which is IIS7 on Vista) but I get an error about encrypted sections not being supported; I am assuming that IIS6 would have the same problem.
So: Is it possible to modify encrypted sections in-place? If not, is embedding the strings in a DLL reasonably secure?
推荐答案
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="EncryptButton" runat="server" Text="Encrypt"
onclick="EncryptButton_Click" style="height: 26px" />
<asp:Button ID="DecryptButton" runat="server" Text="Decrypt"
onclick="DecryptButton_Click" />
<asp:Button ID="IncrementButton" runat="server" Text="Increment"
onclick="IncrementButton_Click" />
<asp:Label ID="CountLabel"
runat="server" Text="0"></asp:Label>
<br />
<asp:Label ID="StatusLabel"
runat="server" Text="" EnableViewState=false></asp:Label>
</div>
</form>
</body>
</html>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Web.Configuration;
public partial class _Default : System.Web.UI.Page
{
/// <summary>
/// Handles the PreRender event of the Page control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void Page_PreRender(object sender, EventArgs e)
{
Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection confStrSect = confg.GetSection(sectionKey);
StatusLabel.Text = "No Config Section";
if (confStrSect != null)
{
StatusLabel.Text = "Decrypted";
if (confStrSect.SectionInformation.IsProtected)
{
StatusLabel.Text = "Encrypted";
}
int count = 0;
int.TryParse(confg.AppSettings.Settings[countKey].Value, out count);
CountLabel.Text = count.ToString();
}
}
string providerKey = "RSAProtectedConfigurationProvider";
string sectionKey = "appSettings";
string countKey = "Count";
/// <summary>
/// Handles the Click event of the EncryptButton control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void EncryptButton_Click(object sender, EventArgs e)
{
Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection confStrSect = confg.GetSection(sectionKey);
if (confStrSect != null)
{
confStrSect.SectionInformation.ProtectSection(providerKey);
confg.Save();
}
}
/// <summary>
/// Handles the Click event of the DecryptButton control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void DecryptButton_Click(object sender, EventArgs e)
{
Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection confStrSect = confg.GetSection(sectionKey);
if (confStrSect != null && confStrSect.SectionInformation.IsProtected)
{
confStrSect.SectionInformation.UnprotectSection();
confg.Save();
}
}
/// <summary>
/// Handles the Click event of the IncrementButton control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.EventArgs"/> instance containing the event data.</param>
protected void IncrementButton_Click(object sender, EventArgs e)
{
int count = 0;
int.TryParse(WebConfigurationManager.AppSettings[countKey], out count);
count++;
Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection confStrSect = confg.GetSection(sectionKey);
{
if (confg.AppSettings.Settings.AllKeys.Contains(countKey))
{
confg.AppSettings.Settings[countKey].Value = count.ToString();
}
else
{
confg.AppSettings.Settings.Add(countKey, count.ToString());
}
confg.Save(ConfigurationSaveMode.Modified);
}
}
}
这篇关于如何管理加密的appSettings和connectionStrings?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!