在web.config文件加密和存储密码 [英] Encrypt and store password in web.config file

问题描述

我在我的web.config文件中的下列信息。

I have the following information in my web.config file.

<appSettings>
<add key="AdminUsername" value="User1"/>
<add key="AdminPassword" value="Password1"/>
</appSettings>

我怎么对它进行加密和存储？
我该如何解密和使用？

how do I encrypt it and store? how do I decrypt and use?

推荐答案

使用加密或aspnet_regiis的配置部分相当于API的缺点是加密整个部分。

The drawback of encrypting configuration sections using aspnet_regiis or the equivalent APIs is that it encrypts entire sections.

从安全角度好，但它使得它更难以管理员在同一节检查其他非敏感的配置数据。的appSettings是管理员会经常要检查的部分。

Good from a security perspective, but it makes it more difficult for an administrator to inspect other non-sensitive configuration data in the same section. appSettings is a section which an administrator will often want to inspect.

一种选择是把你的证书在不同的部分（如创建在℃的虚拟连接字符串;是connectionStrings＆GT; 部分）和加密仅此部分：

One option is to put your credentials in a different section (e.g. create a dummy connection string in the <connectionStrings> section) and encrypt only this section:

<connectionStrings>
   ...
   <add key="AdminCredentials" 
        providerName="" 
        connectionString="Username=...;Password=..." />
</connectionStrings>

您当然会写code解析虚拟连接字符串（String.Split）并提取凭证。类似如下（省略错误处理的简单）：

You will of course have to write code to parse the dummy connection string (String.Split) and extract the credentials. Something like the following (omitting error handling for simplicity):

string s = ConfigurationManager.ConnectionStrings["AdminCredentials"].ConnectionString;
string[] tokens = s.Split(';');
string userName = tokens[0].Split('=')[1];
string password = tokens[1].Split('=')[1];
...

通过这样做，你可以留下您的appSettings部分未加密的。

By doing this, you can leave your appSettings section unencrypted.

这篇关于在web.config文件加密和存储密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！