加密 Web.Config [英] Encrypting Web.Config
问题描述
在 web.config 文件中加密信息的最佳方法和工具是什么?
What is the best approach and tools for encrypting information in web.config file?
推荐答案
我认为有两种方法可以做到这一点:
I believe there are two ways of doing this:
使用 aspnet_regiis 使用 DPAPI 或 RSA 或 以编程方式进行.
using aspnet_regiis using DPAPI or RSA, or doing it programmatically.
编程方式很方便,特别是如果您还想加密 app.config.
The programmatic way can be handy, particularly if you also like to encrypt app.config.
根据我的使用经验,如果您编写自定义配置部分,则您已将包含该部分的类的 DLL 安装到 GAC 中.对于我正在工作的项目,我基本上编写了以下方法:
From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:
- 将配置 DLL 复制到 GAC.
- 执行加密.
- 从 GAC 中删除配置 DLL.
如果您只是加密连接字符串,那么这不会有问题.您还需要记住是要在机器范围内加密还是要加密到特定用户帐户 - 根据您的情况,这两个选项都可能有用.为简单起见,我坚持使用机器范围的加密.我提供的链接解释了这两种方法的优点.
Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.
这篇关于加密 Web.Config的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!