加密Web.Config [英] Encrypting Web.Config
问题描述
在web.config文件中加密信息的最佳方法和工具是什么?
What is the best approach and tools for encrypting information in web.config file?
推荐答案
我相信有两种方法:
使用aspnet_regiis使用 DPAPI 或 RSA 或以编程方式执行。
using aspnet_regiis using DPAPI or RSA, or doing it programmatically.
程序化的方式可以方便,特别是如果你也想加密app.config。
The programmatic way can be handy, particularly if you also like to encrypt app.config.
根据我使用此方法的经验,如果您编写自定义配置部分,则将该部分的类包含在GAC中。对于我正在工作的项目,我基本上编写了以下方法:
From my experiences of using this, if you write a custom configuration section, you have install the DLL containing the classes for that section into the GAC. For a project I was working I basically scripted the following approach:
- 将配置DLL复制到GAC。
- 执行加密。
- 从GAC中删除配置DLL。
只是加密连接字符串,那么这不会是一个问题。您还需要牢记,无论您是要在机器上还是特定用户帐户加密,根据您的情况,这两个选项都可能很有用。为了简单起见,我坚持机器加密。我提供的链接解释了两种方法的优点。
Chances are if you are just encrypting connection strings then this won't be a problem. You also need to be bear in mind whether you want to encrypt on a machine wide basis or to a specific user account- both options can be useful depending on your scenario. For simplicity I stuck to machine wide encryption. The links I have provided explain the merits of both approaches.
这篇关于加密Web.Config的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
