在web.config文件加密和存储密码 [英] Encrypt and store password in web.config file
问题描述
我在我的web.config文件中的下列信息。
I have the following information in my web.config file.
<appSettings>
<add key="AdminUsername" value="User1"/>
<add key="AdminPassword" value="Password1"/>
</appSettings>
我怎么对它进行加密和存储?
我该如何解密和使用?
how do I encrypt it and store? how do I decrypt and use?
推荐答案
使用加密或aspnet_regiis的配置部分相当于API的缺点是加密整个部分。
The drawback of encrypting configuration sections using aspnet_regiis or the equivalent APIs is that it encrypts entire sections.
从安全角度好,但它使得它更难以管理员在同一节检查其他非敏感的配置数据。的appSettings是管理员会经常要检查的部分。
Good from a security perspective, but it makes it more difficult for an administrator to inspect other non-sensitive configuration data in the same section. appSettings is a section which an administrator will often want to inspect.
一种选择是把你的证书在不同的部分(如创建在℃的虚拟连接字符串;是connectionStrings&GT;
部分)和加密仅此部分:
One option is to put your credentials in a different section (e.g. create a dummy connection string in the <connectionStrings>
section) and encrypt only this section:
<connectionStrings>
...
<add key="AdminCredentials"
providerName=""
connectionString="Username=...;Password=..." />
</connectionStrings>
您当然会写code解析虚拟连接字符串(String.Split)并提取凭证。类似如下(省略错误处理的简单):
You will of course have to write code to parse the dummy connection string (String.Split) and extract the credentials. Something like the following (omitting error handling for simplicity):
string s = ConfigurationManager.ConnectionStrings["AdminCredentials"].ConnectionString;
string[] tokens = s.Split(';');
string userName = tokens[0].Split('=')[1];
string password = tokens[1].Split('=')[1];
...
通过这样做,你可以留下您的appSettings部分未加密的。
By doing this, you can leave your appSettings section unencrypted.
这篇关于在web.config文件加密和存储密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!