ASP.NET MVC 4 - How should I encrypt the connection string to my production SQL server?


Problem description

I have an ASP.NET MVC 4 project which is to be deployed to Azure for production, in production I use a SQL Azure database. My problem is that I want to connect to the SQL Azure database only in the production deployment, and not when developing, and that the SQL Azure connection string should be encrypted.

Now, I can solve the first requirement through a Web.config transform, so that the database connection string gets substituted upon deployment to Azure. However, I don't see how to combine this with connection string encryption? How can one both encrypt the SQL Azure connection string and substitute it for the development connection string when deploying? Best practices for this scenario would be most welcome :)

Solution

I think a good solution here is to type the production <connectionStrings> section into Web.config and encrypt it, and then move the encrypted <connectionStrings> section into the transform file (e.g. Web.Release.config) and annotate it so that it replaces the whole <connectionStrings> section upon transformation. This accomplishes the goal of deploying Web.config with production connection strings that are also encrypted.

I've followed the guide in "Securing Your Connection String in Windows Azure", parts 1, 2, 3 and 4 to understand how to encrypt Web.config. I suggest that for a full reference, others do the same. I will outline the main steps I've performed to solve my scenario.

After updating the <connectionStrings> section in Web.config with production settings, I installed the Pkcs12 Protected Configuration Provider and ran aspnet_regiis.exe to encrypt the section (in a Visual Studio command prompt, situated in the project directory):

aspnet_regiis -pef "connectionStrings" "." -prov "CustomProvider"

I also added a definition of CustomProvider to Web.config:

<configProtectedData>
  <providers>
    <add name="CustomProvider" thumbprint="<your thumbprint here>"
       type="Pkcs12ProtectedConfigurationProvider.Pkcs12ProtectedConfigurationProvider, PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d"/>
  </providers>
</configProtectedData>

Afterwards I moved the encrypted <connectionStrings> section into Web.Release.config (which is used to transform Web.config upon deployment to Azure), and annotated the section so that it replaces the corresponding section in Web.config:

<connectionStrings configProtectionProvider="CustomProvider" xdt:Transform="Replace">
...
</connectionStrings>

Finally I restored the development <connectionStrings> section in Web.config. I have tested this solution and found that the deployed Web.config contains the encrypted <connectionStrings> section, just as I was after.
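
A pre-deployment check for the outcome described in the answer, as an added example that is not part of the original answer: it parses a transformed Web.config and reports whether the `<connectionStrings>` section is still plaintext or names an undeclared provider. It assumes the provider writes a W3C XML Encryption `EncryptedData` element (as .NET's RSA provider does); the function name, sample documents and thumbprint value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#"  # assumed output format of the provider

def check_web_config(xml_text):
    """Return a list of findings; an empty list means the section looks protected."""
    root = ET.fromstring(xml_text)
    section = root.find("connectionStrings")
    if section is None:
        return ["no <connectionStrings> section"]
    findings = []
    provider = section.get("configProtectionProvider")
    if not provider:
        findings.append("connectionStrings has no configProtectionProvider")
    # Plaintext entries appear as <add connectionString="..."> children.
    for child in section.findall("add"):
        if child.get("connectionString"):
            findings.append("plaintext connection string: " + child.get("name", "?"))
    if section.find("{%s}EncryptedData" % XMLENC_NS) is None:
        findings.append("no EncryptedData element in connectionStrings")
    # The provider named on the section must be declared and carry a thumbprint.
    declared = {a.get("name"): a for a in root.findall("configProtectedData/providers/add")}
    if provider and provider not in declared:
        findings.append("provider %r is not declared" % provider)
    elif provider and not declared[provider].get("thumbprint"):
        findings.append("provider %r has no thumbprint" % provider)
    return findings

# Constructed samples: a development config and a transformed production config.
DEV = """<configuration>
  <connectionStrings>
    <add name="DefaultConnection" connectionString="Server=localhost;Database=Dev" />
  </connectionStrings>
</configuration>"""

PROD = """<configuration>
  <configProtectedData><providers>
    <add name="CustomProvider" thumbprint="CONSTRUCTED-THUMBPRINT" type="placeholder" />
  </providers></configProtectedData>
  <connectionStrings configProtectionProvider="CustomProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>AAAA</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

if __name__ == "__main__":
    for label, text in (("dev", DEV), ("prod", PROD)):
        print(label, check_web_config(text) or "OK")
```

Run it against the Web.config produced by the Release transform and fail the build when the returned list is not empty.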
