如何在使用 WiX 安装期间加密 app.config 文件部分? [英] How do I encrypt app.config file sections during install with WiX?

问题描述

我找到了一个在安装过程中加密 web.config 的例子 此处，但我的应用程序是 Windows 服务.aspnetreg_iis 方法仅适用于 web.config 文件.

I have found an example for encrypting a web.config during installation here, but my app is a windows service. The aspnetreg_iis method works only for web.config files.

我知道如何以编程方式加密配置文件，但我认为使用 WiX 无法做到这一点.我错了吗?有什么想法吗?

I know how to programatically encrypt the config file, but I don't think I can do that using WiX. Am I wrong? Any ideas?

推荐答案

这是我最终的结果...

Here is what I ended up with...

我使用 WiX 和 DTF 创建了一个托管代码自定义操作来加密配置文件的给定部分:

I used WiX and DTF to created a managed code Custom Action to encrypt a given section of a config file:

    public static void EncryptConfig(Session session)
    {

        var configPath = session["APPCONFIGPATH"];
        var sectionToEncrypt = session["SECTIONTOENCRYPT"];

        var fileMap = new ExeConfigurationFileMap();
        fileMap.ExeConfigFilename = configPath;
        var configuration = ConfigurationManager.OpenMappedExeConfiguration(fileMap, ConfigurationUserLevel.None);
        ConfigurationSection section = configuration.GetSection(sectionToEncrypt);

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            configuration.Save(ConfigurationSaveMode.Modified);

        }
    }

我缺乏理解导致这个问题的部分原因是不知道您可以使用 DTF 在托管代码中安全地创建自定义操作.DTF 上的文档很少，但是一旦你开始工作，它就很棒.

Part of my lack of understanding that prompted this question was not knowing that you can safely create custom actions in managed code using DTF. Documentation is sparse on DTF, but once you get it working, it is great.

我发现这仅在我在 InstallFinalize 之后安排自定义操作时才有效.

I found that this only worked if I scheduled the custom action after InstallFinalize.

这是实现它的 WiX 配置:

Here is the WiX config to make it happen:

<InstallExecuteSequence>
  <Custom Action="EncryptConfigurationFiles" After="InstallFinalize" />
</InstallExecuteSequence>

<Fragment>
    <Binary Id="YourProject.CustomActions.dll" SourceFile="$(var.YourProject.CustomActions.TargetDir)$(var.YourProject.CustomActions.TargetName).CA.dll" />
    <CustomAction Id="EncryptConfigurationFiles" BinaryKey="YourProject.CustomActions.dll" DllEntry="EncryptConfig" Return="check" />
</Fragment>

这些博客/网站帮助我实现了目标，上面的大部分代码都源自它们:

These blogs/sites helped me get there and much of the code from above was derived from them:

http://geekswithblogs.net/afeng/Default.aspxhttp://blog.torresdal.net/2008/10/24/WiXAndDTFUsingACustomActionToListAvailable.aspxaspxhttp://blogs.msdn.com/jasongin/archive/2008/07/09/votive-project-platform-configurations.aspx

@PITADeveloper...感谢您的回复.我发现我不需要加载程序集来加密配置文件.

@PITADeveloper... Thanks for the response. I found that I did not need to load the assembly to encrypt the config file.

如果你使用这个，你应该使用 try catch 并返回一个 ActionResult... 以上是伪代码.

If you use this, you should use a try catch and return an ActionResult... The above is pseudo-code.

最后，我正在使用 DataProtectionConfigurationProvider.对于 RSA 提供商，我认为还有更多的障碍需要克服.

Finally, I'm using the DataProtectionConfigurationProvider. For the RSA Provider, I think there are a couple more hoops to jump through.

我希望这对某人有所帮助！

I hope this helps someone!

这篇关于如何在使用 WiX 安装期间加密 app.config 文件部分?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！