对于在Azure部署中将密码存储在Web.config中的正确过程感到困惑 [英] Confused on what is the correct procedure on storing passwords in Web.config for Azure deployment
问题描述
在将MVC 5应用程序安装到Azure上时,我经历了非常令人沮丧的经历.我正在阅读以下页面:
I've had a very frustrating experience on putting an MVC 5 app on Azure. I have been reading the following page: http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure
但是我没有想到的是:
安全警告:请勿将您的秘密.config文件添加到您的项目中,也不要将其检入源代码管理中.默认情况下,Visual Studio将生成操作"设置为内容",这表示已部署文件.有关更多信息,请参见为什么不部署我的项目文件夹中的所有文件?尽管您可以对秘密.config文件使用任何扩展名,但是最好将其保留为.config,因为IIS不提供配置文件.还要注意,AppSettingsSecrets.config文件比web.config文件高两个目录级别,因此它完全不在解决方案目录之内.通过将文件移出解决方案目录,"git add *"不会将其添加到您的存储库中.
Security Warning: Do not add your secrets .config file to your project or check it into source control. By default, Visual Studio sets the Build Action to Content, which means the file is deployed. For more information see Why don't all of the files in my project folder get deployed? Although you can use any extension for the secrets .config file, it's best to keep it .config, as config files are not served by IIS. Notice also that the AppSettingsSecrets.config file is two directory levels up from the web.config file, so it's completely out of the solution directory. By moving the file out of the solution directory, "git add *" won't add it to your repository.
并且:
安全警告:与AppSettingsSecrets.config文件不同,外部连接字符串文件必须与根web.config文件位于同一目录中,因此您必须采取预防措施以确保不要检查放入您的源存储库.
问题如下:当我不包含外部文件而将Web.config文件上载时,我被系统找不到指定的文件"打中,因此要消失,我必须包含.config文件破坏了微软发布的目的.
The problem is the following: When I upload the Web.config file with the external files without being included I get hit by "The System cannot find the file specified", so for it to go away I must include the .config files defeating the purpose of Microsoft's post.
我真的真的不明白.我已经在Azure门户中添加了connectionStrings和appSetting的键.将密码和机密在线的正确且安全的方法是什么?我想念什么?是因为我在调试模式下运行吗?
I really really really do not understand. I have added the connectionStrings and appSetting's keys in Azure's portal. What is the correct and secured way of putting my passwords and secrets online? What am I missing? Is it because I'm running in Debug mode?
不必担心访问Web.config文件...
There is nothing to worry about accessing the Web.config file...
但这恰恰违背了微软的职位.
But that just defies Microsoft's post.
谢谢.
推荐答案
我发现以下技术是最简单的方法.
I find the following technique to be the easiest way to do this.
我没有将这些设置的部署值放入web.config,而是将测试值保留在其中.然后,我通过Azure门户将部署值放入Azure网站的应用程序设置"部分:
Instead of putting the deployment values of these settings into the web.config, I keep the test values in there instead. I then put the deployment values into the Application Settings section of the Azure Website via the Azure Portal:
网站运行时,这些设置将优先于web.config中的设置.这可以帮助我避免使用外部化的文件,允许我保留团队可以共享的合理的开发配置,并使部署变得非常容易.
When the website runs, these settings will take precedence over what is in the web.config. This helps me avoid externalized files, allows me to keep sane development configuration that the team can share, and makes deployment very easy.
这篇关于对于在Azure部署中将密码存储在Web.config中的正确过程感到困惑的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
