在MVC2 .NET 4.0的应用程序加密的ConnectionString [英] Connectionstring Encryption in MVC2 .NET 4.0 app
问题描述
我有一个MVC2 .NET 4.0的应用程序,托管于2008年TFS(即将2010 TFS),使用连接字符串中的的web.config 连接到数据库另一个服务器。我需要加密这些连接字符串。
据我了解,我可以使用 ASPNET_REGIIS.EXE 到的ConnectionString部分加密的web.config 文件中的但我必须这样做部署的机器上的,因为加密使用计算机名称以生成加密密钥。
现在,在我看来,这再presents一个问题 - 每当我部署我的code到开发服务器时间不会它覆盖web.config文件,并需要重新加密?这种类型的手动过程似乎缺憾。
-
是我关于需要正确部署后重新加密的理解?
-
如果是这样,有一些方法来自动完成这一过程?我不想忘记这还是得到一个新的团队成员谁不知道的进程,并接触到全世界的ConnectionString。
web.config文件中有一个部署通常不会一部分(虽然Visual Studio 2010中支持的配置文件转换在Web应用程序部署项目)。我不指望你应该覆盖的web.config在部署(因为web.config文件是您将放置那些特定于该机器/环境的东西。
所以,一旦加密,然后不要覆盖它,将是我的建议。
既然是不是在您的情况可,有可能加密时指定一个键,这样就可以共享机器之间的加密文件。默认情况下,加密命令使用DPAPI加密部分(这是联系在一起的机器),但你也可以使用RSA加密。更多信息请参阅MSDN上的指定保护配置提供商。
I have an MVC2 .NET 4.0 app, hosted on TFS 2008 (soon to be TFS 2010) that uses connection strings in web.config to connect to a database on another server. I need to encrypt these connection strings.
As I understand it, I can use aspnet_regiis.exe to encrypt the connectionstring portion of the web.config file, but I have to do it on the deployment machine because the encryption uses the machine name to generate the encryption key.
Now, it seems to me that this represents a problem - every time I deploy my code to the dev server won't it overwrite the web.config file, and need to be re-encrypted? This sort of manual process seems kludgy.
Is my understanding about needing to re-encrypt after deployment correct?
If so, is there some way to automate this process? I don't want to forget this or get a new team member who doesn't know the process and have the connectionstring exposed to the world.
web.config files aren't typically part of a deployment (though Visual Studio 2010 supports configuration file transforms in web application deployment projects). I wouldn't expect that you should be overwriting the web.config when you deploy (because the web.config is where you would place those things that are specific to that machine/environment.
So, encrypt it once, and then don't overwrite it, would be my advice.
Since that isn't available in your situation, it is possible to specify a key when encrypting, so that you can share the encrypted file between machines. By default, the command to encrypt uses the DPAPI to encrypt the section (which is tied to the machine) but you can also use RSA for encryption. More info is available on MSDN in Specifying a Protected Configuration Provider.
这篇关于在MVC2 .NET 4.0的应用程序加密的ConnectionString的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
