Web.config:敏感设置 [英] Web.config: sensitive settings

问题描述

问题:

我想使用我的Facebook客户端机密，使用IIS在本地运行我的ASP.NET MVC网站.我还想使Facebook客户端的秘密不受源代码控制.我将所有这些内容发布到Azure，因此在云中运行Web服务器时没有问题.敏感的设置直接进入App Service，并且永远不会被源代码控制看到.

I would like to run my ASP.NET MVC site locally using IIS, using my Facebook client secret. I would also like to keep the Facebook client secret out of source control. I am publishing all this to Azure, so there is no problem when I'm running my web server in the Cloud. Sensitive settings go straight into the App Service, and never get seen by source control.

原则上，很容易将客户端机密控制在源代码控制之外.我可以在Web.config的应用程序设置中添加一个配置源:

In principle, keeping the client secret out of source control is easy. I can just add a config source to my app settings in Web.config:

<appSettings configSource="facebookClientSecret.config" />

和我所有的设置都可以进入 facebookClientSecret.config 中，该文件将添加到 .gitignore 中.

and all of my settings can go into facebookClientSecret.config, which gets added to .gitignore.

其中存在问题:我的所有设置.我不想从源代码管理中隐藏所有设置:仅敏感的设置.

Therein lies the problem: all of my settings. I don't want to hide all settings from source control: only the sensitive ones.

我尝试这样做:

<代码>< appSettings><添加key ="webpages:Version" value ="3.0.0.0"/><添加key ="webpages:Enabled" value ="false"/>< add key ="ClientValidationEnabled" value ="true"/>< add key ="UnobtrusiveJavaScriptEnabled" value ="true"/>< add configSource ="facebookAppSecret.config"/>< add key ="StorageConnectionString" value ="UseDevelopmentStorage = true"/></appSettings>

但是显然这是不允许的".有没有办法让应用程序设置的子集来自单独的文件?

But apparently that's "not allowed". Is there a way to have a subset of the app settings sourced from a separate file?

推荐答案

上的 appSettings 上的rel ="nofollow"> file 属性非常合适.

The file attribute on appSettings fits the bill nicely.

 <appSettings file="facebookAppSecret.config">
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="false" />
    <add key="ClientValidationEnabled" value="true" />
    <add key="UnobtrusiveJavaScriptEnabled" value="true" />    
    <add key="StorageConnectionString" value="UseDevelopmentStorage=true" />
</appSettings>

设置将从facebookAppSecret.config文件以及< appSettings></appSettings> 条目中拉出.

Settings will be pulled from the facebookAppSecret.config file as well as the <appSettings></appSettings> entries.

还值得注意的是，该文件的内容应仅包含< appSettings></appSettings> 块(即，它应不包含<?xml version ="1.0" encoding ="utf-8"?>< configuration> ...</configuration>

It's worth noting also that the contents of that file should only contain a <appSettings></appSettings> block (i.e. it should not contain <?xml version="1.0" encoding="utf-8" ?><configuration>...</configuration>

您将需要调整文件的生成操作(应为内容")和复制到输出目录项目设置(在Visual Studio中右键单击文件)->属性)，以便在构建时将该文件包含在输出目录中.

You will need to adjust the Build Action (should be "Content") and Copy To Output Directory project settings for the file (right click on file in Visual Studio -> Properties) so the file is included in the output directory when you build.

这篇关于Web.config:敏感设置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！