使用ASPNet_Regiis加密自定义配置部分 - 你能做到吗？ [英] Using ASPNet_Regiis to encrypt custom configuration section - can you do it?

问题描述

我有一个具有自定义配置部分的Web应用程序。该部分包含我要加密的信息（希望使用ASPNet_RegIIS而不是自己使用）。

Web.Config：

 <？xml version =1.0？> 
 
< configuration xmlns =http://schemas.microsoft.com/.NetConfiguration/v2.0> 
< configSections> 
< section name =MyCustomSection
 type =MyNamespace.MyCustomSectionHandler，MyAssembly/> 
< / configSections> 
< configProtectedData> 
< providers> 
< clear /> 
< add name =DataProtectionConfigurationProvider
 type =System.Configuration.RsaProtectedConfigurationProvider，System.Configuration，Version = 2.0.0.0，
 Culture = neutral，PublicKeyToken = b03f5f7f11d50a3a，
 processorArchitecture = MSIL
 keyContainerName =MyKeyContainer
 useMachineContainer =true/> 
< / providers> 
< / configProtectedData> 
< MyCustomSection> 
< blah name =blah1> 
< blahChild name =blah1Child1/> 
< / blah> 
< / MyCustomSection> 
  

配置处理程序在尝试加密之前工作得很好。当我尝试加密它：

aspnet_regiis -pefMyCustomSection
c：\inetpub\wwwroot\MyWebsite -prov
DataProtectionConfigurationProvider

我收到错误：

加密配置部分...
创建
配置节处理程序
MyCustomSection：无法加载文件
或程序集MyAssembly或$其中一个
依赖关系。系统找不到
指定的文件。
（c：\inetpub\wwwroot\MyWebsite\web.config
line 5）

我已经尝试/没有提供者配置。有/无段组。有/没有手头开始网站。我试着暂时把我的议会放在GAC注册。我也试过我的log4net部分只是为了尝试不是我的东西，没有运气。我以管理员身份运行命令提示符。有任何想法吗？或者ASPNet_RegIIS是不是用于自定义的部分？

查看 MSDN 正在将我的处理程序更改为继承自ConfigurationSection，而不是实现IConfigurationSectionHandler，因为它在2.0技术上已被弃用（希望它是关于aspnet_regiis版本的东西）。没有运气。

任何想法让我知道。谢谢！

解决方案

aspnet_regiis 必须能够绑定程序集。正常的.net绑定规则适用。

我通过在与 aspnet_regiis相同的目录中创建名为 aspnet_regiis_bin 的目录来解决这个问题。 exe 和一个 aspnet_regiis.exe.config 文件与 aspnet_regiis_bin 作为这样的私有路径：

 < configuration> 
<运行时> 
< assemblyBinding xmlns =urn：schemas-microsoft-com：asm.v1> 
< probing privatePath =aspnet_regiis_bin/> 
< / assemblyBinding> 
< / runtime> 
< / configuration> 
  

然后，将定义自定义配置节的程序集复制到 aspnet_regiis_bin ，以便 aspnet_regiis 可以找到它们。

此过程不需要程序集强名称或在GAC中，但是在框架目录中需要混淆。

I have a web application with a custom configuration section. That section contains information I'ld like to encrypt (was hoping to use ASPNet_RegIIS rather than do it myself).

Web.Config:

<?xml version="1.0"?>

    <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
      <configSections>
          <section name="MyCustomSection" 
                   type="MyNamespace.MyCustomSectionHandler, MyAssembly"/>
    </configSections>
<configProtectedData>
    <providers>
      <clear />
      <add name="DataProtectionConfigurationProvider"
           type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
                   Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
                   processorArchitecture=MSIL"
           keyContainerName="MyKeyContainer"
           useMachineContainer="true" />
    </providers>
  </configProtectedData>
    <MyCustomSection>
       <blah name="blah1">
          <blahChild name="blah1Child1" />
       </blah>
    </MyCustomSection>

The configuration handler works great before trying to encrypt it. When I try to encrypt it with:

aspnet_regiis -pef "MyCustomSection" c:\inetpub\wwwroot\MyWebsite -prov DataProtectionConfigurationProvider

I get an error:

Encrypting configuration section... An error occurred creating the configuration section handler for MyCustomSection: Could not load file or assembly 'MyAssembly' or one of its dependencies. The system cannot find the file specified. (c:\inetpub\wwwroot\MyWebsite\web.config line 5)

I have tried with/without the provider configured. With/without section groups. With/Without having started the website before hand. I've tried temporarily putting my assembly in the GAC for the registration. I also tried my log4net section just to try something that wasn't mine, with no luck. I've run the command prompt as Administrator. Any ideas? Or can ASPNet_RegIIS just not be used for custom sections?

One final shot after viewing MSDN was changing my handler to inherit from ConfigurationSection rather than implementing IConfigurationSectionHandler since it was technically deprecated in 2.0 (hoping it was something regarding aspnet_regiis version). No luck there either.

Any ideas let me know. Thanks!

解决方案

aspnet_regiis must be able to bind the assembly. The normal .net binding rules apply.

I get around this by creating directory called aspnet_regiis_bin in the same directory as aspnet_regiis.exe and an aspnet_regiis.exe.config file with aspnet_regiis_bin as a private path like this:

<configuration>
   <runtime>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
         <probing privatePath="aspnet_regiis_bin"/>
      </assemblyBinding>
   </runtime>
</configuration>

I then copy the assemblies that define the custom configuration sections into aspnet_regiis_bin so that aspnet_regiis can find them.

This procedure doesn't require the assemblies to be strong named or in the GAC but does require messing around in the framework directories.

这篇关于使用ASPNet_Regiis加密自定义配置部分 - 你能做到吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！