Is ConfigurationManager -> section.SectionInformation.ProtectSection() machine dependent?

Problem description

In the code:

Configuration config = ConfigurationManager.OpenExeConfiguration (Application.ExecutablePath);
ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection;
if (!section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}

I'm getting some trouble when I move the application to another machine.

Is the section.SectionInformation.ProtectSection call machine dependent, meaning, I cannot copy the config file and use it on another machine?

Is there a provider (other than DataProtectionConfigurationProvider) that is machine independent?

It is a requirement for my application that it works on several machines with the same config file (It must run from a flash drive).

Thanks, Fabio

Recommended answer

Is the section.SectionInformation.ProtectSection call machine dependent, meaning, I cannot copy the config file and use it on another machine?

Yes, that's correct as far as I can tell. This article says keys are stored on a per-machine or per-user basis.

Is there a provider (other than DataProtectionConfigurationProvider) that is machine independent?

Not out of the box, the two providers I know of (DataProtectionConfigurationProvider and RSAProtectedConfigurationProvider) both have the same "problem". I found a few hints that the RSA provider allows for keys being re-used across machines, but have not found any examples on how to achieve this.

However, there is a way to achieve what you need, I just did it myself yesterday since I had a similar problem (I had a requirement to run an app from a network location, and all clients needed to share the same encrypted config file). You can roll your own ProtectedConfigurationProvider. Here's a few links that illustrate the concept:

Using these articles, I was able to build my own ProtectedConfigurationProvider that is not machine- or user-dependent and use it in an application. I have a post-build step in my release build that protects the config section and therefore I only ever deploy the protected version of it. Getting at the protected section data works as one would expect on other machines without any problems. Of course, you have to be very careful about how to encrypt and decrypt your sections safely. There's a few examples out there outlining how to do it, this is one of them I think.

One of the things that isn't clearly stated in any of the three articles is how to make your app find your provider if you're not using ASP.net. The usual way of installing it into the global assembly cache probably won't work for you since you state you're running an app from a flash drive. So, you'd need to add it to your app.config file instead, similar to this:

<?xml version="1.0"?>
<configuration>
  ... 
  <configProtectedData defaultProvider="MyEncryptionProvider">
    <providers>
      <add name="MyEncryptionProvider"
        type="MyAssembly.MyEncryptionProvider, MyAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=whatever_the_assembly_token_is" />
    </providers>
  </configProtectedData>
  ...
</configuration>

This should work if the assembly that does the encryption is in the same path as your main assembly. I'm using a signed assembly, sn -T {Assembly} will give you the PublicKeyToken you need to enter in the config file.

Protecting a section is then done similar to this:

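using System.Configuration;

...

// Open the config file that belongs to the executable.
Configuration oConfiguration = ConfigurationManager.OpenExeConfiguration(yourExePath);
// Section to protect; "connectionStrings" is the section used in the question.
ConfigurationSection oSection = oConfiguration.GetSection("connectionStrings");
// Encrypt it with the custom provider registered under <configProtectedData>.
oSection.SectionInformation.ProtectSection("MyEncryptionProvider");
oSection.SectionInformation.ForceSave = true;
oConfiguration.Save();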

I tested it today, and it worked with a config file being encrypted on a development machine (XP SP3), and being used on XP SP2, Win7 32Bit and Win7 64Bit.

Disclaimer

  • Not sure whether any of this works if you don't sign the assembly.
  • Use at your own risk, I'm not a security expert by any standard.
