ASP.NET machineKey中设置code键 [英] ASP.NET machinekey set keys in code
问题描述
我想在code运行时动态调整机键,对于IIS托管ASP.NET MVC 4的网站。
I want to adjust the machine keys dynamically in code during runtime, for an IIS hosted ASP.NET MVC 4 website.
本机键,加密和验证密钥以及算法来使用,都存储在数据库中。而不是从的web.config 文件中读取值,我想在应用程序启动注入这些价值观,并让系统使用这些替代。
The machine keys, encryption and validation keys as well as algorithms to use, are stored in a database. Instead of reading the values from the web.config file, I want to inject those values during application startup and let the system use those instead.
有没有办法实现这个无需更改的web.config 在所有(只改变内存中的配置)?
Is there any way to accomplish that without having to change web.config at all (to only change the in memory configuration)?
我曾尝试访问配置部分,但它被标记为只读,并且也是密封的,所以我不能覆盖 IsReadOnly()。然而,有一个二传手这是一个指标,对我来说,这有可能是一种潜在删除只读标志。
I have tried accessing the configuration section but it is marked as readonly and is also sealed, so I cannot override IsReadOnly(). However, there is a setter that is an indicator, to me, that there may be a way to potentially remove the readonly flag.
var configSection = (MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey");
if (!configSection.IsReadOnly())
{
configSection.ValidationKey = _platformInfo.MachineKey.ValidationKey;
configSection.DecryptionKey = _platformInfo.MachineKey.EncryptionKey;
...
}
有没有办法做到这一点?
我能看到的唯一选择是使用像AppHarbor一个自定义的方法,但是我宁愿用内置的方法,如果它是在所有可能的坚持。
Is there any way to accomplish this? The only alternative I can see is to use a custom method like AppHarbor, however I would rather stick with the built in approach if it is possible at all.
在万一有人问我为什么要这么做,理由是,
这是一个大量的webfarm运行相同的网站。因此,有非自动生成的键是必须的(必须是每个服务器上相同)。也各网站应该分离的和应该不共享相同的密钥。由于所有的网站都在自己的身体重新presentation相同的,它们共享同一物理位置。这是web.config文件中不能包含应用程序特定设置的原因。
In case someone asks why I want to do that, the reason is, this is for a large number of identical websites running in a webfarm. Hence, having non-auto-generated keys is a must (must be the same on each server). Also each website should be isolated and should not share the same keys. As all websites are identical in their physical representation, they share the same physical location. That is the reason the web.config file cannot contain application specific settings.
编辑:这将是非常有益的确认,至少,如果是根本不可能的。至于说,我们可以使用自定义身份验证和加密方法,这将完全避免使用本机键设置。谢谢你。
It would be very helpful to confirm, at least, if it is simply not possible. As said, one can use custom authentication and encryption methods which would avoid using the machine key settings altogether. Thanks.
推荐答案
有没有办法设置此一次编程Web应用程序启动。但是,它仍然有可能实现自己的目标。
There is no way to set this programmatically once the web application starts. However, it is still possible to accomplish your goal.
如果每个应用程序在其自己的应用程序池中运行,并在每个应用程序池都有自己的身份,然后检查了在 CLRConfigFile 中的的applicationHost.config 。你可以使用这个每个应用程序池注入配置一个新的水平。见<一href=\"http://weblogs.asp.net/owscott/archive/2011/12/01/setting-an-aspnet-config-file-per-application-pool.aspx\" rel=\"nofollow\">http://weblogs.asp.net/owscott/archive/2011/12/01/setting-an-aspnet-config-file-per-application-pool.aspx对于如何使用这样的一个例子。您可以设置一个明确的和独特的&LT;的System.Web / machineKey中&GT;元素,每个应用程序池的定制CLR配置文件。
If each application is running in its own application pool, and if each application pool has its own identity, then check out the CLRConfigFile switch in applicationHost.config. You can use this per-application pool to inject a new level of configuration. See http://weblogs.asp.net/owscott/archive/2011/12/01/setting-an-aspnet-config-file-per-application-pool.aspx for an example of how to use this. You could set an explicit and unique <system.web/machineKey> element in each application pool's custom CLR config file.
这是Azure网站,GoDaddy的,以及其他托管商需要对每个应用程序设置的默认显机键使用相同的机制。记得要适当ACL每个目标config文件的应用程序池将被访问它。
This is the same mechanism used by Azure Web Sites, GoDaddy, and other hosters that need to set default explicit machine keys on a per-application basis. Remember to ACL each target .config file appropriately for the application pool which will be accessing it.
这篇关于ASP.NET machineKey中设置code键的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
