“&"字符中断存储在 web.config 中的密码 [英] The "&" character breaks passwords that are stored in the web.config

问题描述

我有一个在 IIS 7.5 上运行的 ASP.NET MVC3 C# .NET 应用程序.

I have an ASP.NET MVC3 C# .NET Application running on IIS 7.5.

我们在代码中模拟了一个 Windows NT 服务帐户，以便将文档读/写到文件共享.用户 id 编译在代码中，服务帐户密码存储在 web.config 文件中.

We have a Windows NT service account we Impersonate in our code in order to read/write documents to a file share. The user id is compiled in the code and the service account password is stored in the web.config file.

密码包含一个与字符(即:p&ssword).

The password contains an ampersand character (i.e.: p&ssword).

这破坏了网站.访问网站时，我们收到此错误:抱歉，处理您的请求时出错".

This broke the site. When accessing the site we received this error :"Sorry, an error occurred while processing your request".

这是使用密码的代码:

    var password = ConfigurationManager.AppSettings.Get(Common.SVC_PWD);

    bool isSuccess = LogonUser(
        @"my_svc_acct",
        "my.domain.net",
        password,
        LOGON32_LOGON_NEW_CREDENTIALS,
        LOGON32_PROVIDER_DEFAULT, ref token
    );

为什么这会导致网站崩溃?

Why would this cause the site to break?

推荐答案

我怀疑您没有在 web.config 文件中正确编码密码.请记住，web.config 是一个 XML 文件，因此必须对实体进行编码.

I suspect that you didn't encode the password properly in the web.config file. Remember that web.config is a XML file, so entities must be encoded.

代替

my&password 

试试

my&password

您可以使用诸如 FreeFormatter.com 之类的网站来转义/取消转义 XML 字符串.

You can use sites such as FreeFormatter.com to escape/unescape XML strings.

这篇关于“&"字符中断存储在 web.config 中的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！