C#SQL)如何加密web.config与Azure SQL数据库的连接字符串?(并将密钥导入到Azure SQL数据库中进行解密吗?) [英] C# SQL) How to encrypt connectionstring of web.config to Azure SQL database? (and import the key into Azure SQL database for decryption?)
问题描述
我的软件的体系结构是
WPF(用户计算机上的Windows桌面应用程序)-Azure云服务上的WCF Web角色(Windows Communication Foundation)(此处,存在与Azure SQL数据库的连接字符串)-Azure SQL Server(Azure SQL数据库).
WPF (Windows desktop application on users' computers) - WCF web role(Windows Communication Foundation) on Azure Cloud Service (Here, the connectionstring to Azure SQL database exists)- Azure SQL Server(Azure SQL database).
据我所知,最近可以在与Azure SQL数据库的连接字符串中包括"database.secure.windows.net"之类的新功能.
According to my knowledge, new feature like 'database.secure.windows.net' can be included recently in connectionstring to Azure SQL database..
因此,如上所述,我已经更改了应用程序的连接字符串,包括在连接字符串中的安全",这样我就可以像以前一样毫无问题地成功访问Azure SQL数据库.
So, I've changed the connectionstring of my application as included the 'secure' in connectionstring as above and through this I can access to Azure SQL database successfully without any problem as before.
如果我们使用'secure.windows.net'配置连接字符串,是否无需担心暴露连接字符串?
If we configure our connectionstring with 'secure.windows.net', is there no need to worry about connectionstring to be exposured?
如果仍然需要将我的连接字符串加密到Azure SQL数据库,那么该如何实现呢?
If still, I need to encrypt my connectionstring to Azure SQL database, then how can I implement this?
如何加密(也许是RSA?)?
How can I encrypt(maybe, RSA ?) ?
在尝试加密的过程中,我了解了一些RSA加密,但还不够.
In the way of trying to encrypt, I've learned about RSA encryption little bit but not quite enough.
我想知道的最重要的事情是,如果我已经使用RSA容器或makecert.exe(证书)进行了加密,如何将RSA容器或证书导出到Azure SQL数据库(Azure SQL Server),以便Azure SQL数据库(Azure SQL Server)可以解密加密的连接字符串以允许来自客户端应用程序的访问吗?
And the most important thing I want know is, if I've encrypted with RSA container or makecert.exe (certificate), how can I export the RSA container or the certificate to Azure SQL database(Azure SQL server) so that Azure SQL database(Azure SQL server) can decrypt the encrypted connectionstring to allow accesses from client applications?
P.S)根据Microsoft Azure的官方文档,Azure不支持DPAPI和RSA,我们必须使用其他受保护的配置提供程序,例如PKCS12 ProtectedConfigurationProvider.
P.S) According to Microsoft Azure's official document, DPAPI and RSA are not supported with Azure and we have to use another protected configuration provider like PKCS12 ProtectedConfigurationProvider.
因为我的专业与软件无关,而与生物化学有关,所以详细的解释将不胜感激!
Because my major is not related to software but bio-chemistry, an explanation in detail will be greatly appreciated !
非常感谢您!
推荐答案
经过近1个月的努力,我终于成功加密了连接字符串并连接到Azure SQL数据库.可以使用PKCS12ProtectedConfigurationProvider加密而不是DPAPI RSA ProtectedConfigurationProvider,然后连接到Azure.还有一些Microsoft过期的较旧的博客,但TechNet(Microsoft)的此链接仍然可用. http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx#_Download_and_Compile
I've finally succeeded in encrypting connectionstring and connecting to Azure SQL database after almost 1 month of struggling. Rather than DPAPI, RSA ProtectedConfigurationProvider, we can encrypt through PKCS12ProtectedConfigurationProvider and connect to Azure. There's also some Microsoft's expired older blog but this link of TechNet(Microsoft) is still available. http://social.technet.microsoft.com/wiki/contents/articles/2951.windows-azure-sql-database-connection-security.aspx#_Download_and_Compile
我们需要通过NUGET正确安装PKCS12提供程序,并且在制作新的云服务的过程中需要在New Azure Portal上安装证书.
And we need to install the PKCS12 provider correctly through NUGET and need to install the certificate on the New Azure Portal in the course of making new cloud service.
我希望我的艰难经历能帮助那些必须解决像我这样的问题的人.
I hope my difficult experience helps someone who has to solve some problem like mine.
谢谢!
这篇关于C#SQL)如何加密web.config与Azure SQL数据库的连接字符串?(并将密钥导入到Azure SQL数据库中进行解密吗?)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
