ASP.NET MVC 4 - 我应该如何加密连接字符串,我的生产SQL服务器? [英] ASP.NET MVC 4 - How should I encrypt the connection string to my production SQL server?
问题描述
我有一个ASP.NET MVC 4项目,该项目将被部署到Azure的生产,在生产中我使用SQL Azure数据库。我的问题是,我想只有在生产部署连接到SQL Azure数据库,而不是开发时,的和的是,SQL Azure的连接字符串应该被加密。
I have an ASP.NET MVC 4 project which is to be deployed to Azure for production, in production I use a SQL Azure database. My problem is that I want to connect to the SQL Azure database only in the production deployment, and not when developing, and that the SQL Azure connection string should be encrypted.
现在,我可以解决通过Web.config中的第一个要求变换,从而使数据库连接字符串能够顺利通过部署取代天青。不过,我看不出这与连接字符串加密结合起来?如何才能部署当一个既加密SQL Azure的连接字符串,并用它替换的发展连接字符串?此方案的最佳实践将是最欢迎的:)
Now, I can solve the first requirement through a Web.config transform, so that the database connection string gets substituted upon deployment to Azure. However, I don't see how to combine this with connection string encryption? How can one both encrypt the SQL Azure connection string and substitute it for the development connection string when deploying? Best practices for this scenario would be most welcome :)
推荐答案
我觉得这里很好的解决方案是输入生产<是connectionStrings> 部分插入的Web.config并对其进行加密,然后将加密<&是connectionStrings GT; 部分到转换文件(如Web.Release.config)和标注,以便它替换整个<&是connectionStrings GT; 在转变部分。这样可以完成与其他也在生产加密连接字符串Web.config文件部署的目标。
I think a good solution here is to type the production <connectionStrings> section into Web.config and encrypt it, and then move the encrypted <connectionStrings> section into the transform file (e.g. Web.Release.config) and annotate it so that it replaces the whole <connectionStrings> section upon transformation. This accomplishes the goal of deploying Web.config with production connection strings that are also encrypted.
我已经遵循保护您的连接字符串中的Windows Azure的引导,部分的 1 , 2 ,的 3 和的 4 了解如何加密Web.config文件。我认为,一个完整的参考,其他人也这样做。我将概述我进行解决我的方案的主要步骤。
I've followed the guide in "Securing Your Connection String in Windows Azure", parts 1, 2, 3 and 4 to understand how to encrypt Web.config. I suggest that for a full reference, others do the same. I will outline the main steps I've performed to solve my scenario.
更新℃之后是connectionStrings&gt;在Web.config中生产设置部分,我装的 PKCS12保护配置提供商和ASPNET_REGIIS.EXE跑到加密部分(在Visual Studio的命令提示符下,位于项目目录):
After updating the <connectionStrings> section in Web.config with production settings, I installed the Pkcs12 Protected Configuration Provider and ran aspnet_regiis.exe to encrypt the section (in a Visual Studio command prompt, situated in the project directory):
aspnet_regiis -pef "connectionStrings" "." -prov "CustomProvider"
我还添加了 CustomProvider 的定义Web.config文件:
I also added a definition of CustomProvider to Web.config:
<configProtectedData>
<providers>
<add name="CustomProvider" thumbprint="<your thumbprint here>"
type="Pkcs12ProtectedConfigurationProvider.Pkcs12ProtectedConfigurationProvider, PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d"/>
</providers>
</configProtectedData>
后来我搬到了加密&LT;&是connectionStrings GT; 部分插入Web.Release.config(用于在部署天青改造Web.config文件),并注明了部分以替换Web.config中的相应部分:
Afterwards I moved the encrypted <connectionStrings> section into Web.Release.config (which is used to transform Web.config upon deployment to Azure), and annotated the section so that it replaces the corresponding section in Web.config:
connectionStrings configProtectionProvider="CustomProvider" xdt:Transform="Replace">
...
</connectionStrings>
我终于恢复了发展&LT;是connectionStrings&gt;在Web.config中部分。我已经测试这个解决方案,发现部署Web.config文件包含加密&LT;是connectionStrings方式&gt; 部分,正如我在
Finally I restored the development <connectionStrings> section in Web.config. I have tested this solution and found that the deployed Web.config contains the encrypted <connectionStrings> section, just as I was after.
这篇关于ASP.NET MVC 4 - 我应该如何加密连接字符串,我的生产SQL服务器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
