使用 ASPNet_Regiis 加密自定义配置部分 - 你能做到吗?
我有一个带有自定义配置部分的网络应用程序。 该部分包含我想要加密的信息(希望使用 ASPNet_RegIIS 而不是自己加密)。
Web.Config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<section name="MyCustomSection"
type="MyNamespace.MyCustomSectionHandler, MyAssembly"/>
</configSections>
<configProtectedData>
<providers>
<clear />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKeyContainer"
useMachineContainer="true" />
</providers>
</configProtectedData>
<MyCustomSection>
<blah name="blah1">
<blahChild name="blah1Child1" />
</blah>
</MyCustomSection>
配置处理程序在尝试加密之前运行良好。 当我尝试用以下方法加密它时:
aspnet_regiis -pef“MyCustomSection” c:\inetpub\wwwroot\MyWebsite -prov 数据保护配置提供程序
我收到错误:
正在加密配置部分... 创建时发生错误 配置节处理程序 MyCustomSection:无法加载文件 或程序集“MyAssembly”或其之一 依赖关系。 系统找不到 指定的文件。 (c:\inetpub\wwwroot\MyWebsite\web.config 第 5 行)
我尝试过配置/不配置提供程序。 有/无截面组。 事先有/没有启动网站。 我尝试暂时将程序集放入 GAC 中进行注册。 我还尝试了我的 log4net 部分,只是为了尝试一些不属于我的东西,但没有运气。 我已以管理员身份运行命令提示符。 有任何想法吗? 或者 ASPNet_RegIIS 不能用于自定义部分吗?
查看 MSDN 后的最后一击是将我的处理程序更改为继承自 ConfigurationSection 而不是实现 IConfigurationSectionHandler,因为它在 2.0 中技术上已被弃用(希望它与 aspnet_regiis 版本有关)。 那里也没有运气。
任何想法让我知道。 谢谢!
I have a web application with a custom configuration section. That section contains information I'ld like to encrypt (was hoping to use ASPNet_RegIIS rather than do it myself).
Web.Config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configSections>
<section name="MyCustomSection"
type="MyNamespace.MyCustomSectionHandler, MyAssembly"/>
</configSections>
<configProtectedData>
<providers>
<clear />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKeyContainer"
useMachineContainer="true" />
</providers>
</configProtectedData>
<MyCustomSection>
<blah name="blah1">
<blahChild name="blah1Child1" />
</blah>
</MyCustomSection>
The configuration handler works great before trying to encrypt it. When I try to encrypt it with:
aspnet_regiis -pef "MyCustomSection"
c:\inetpub\wwwroot\MyWebsite -prov
DataProtectionConfigurationProvider
I get an error:
Encrypting configuration section... An
error occurred creating the
configuration section handler for
MyCustomSection: Could not load file
or assembly 'MyAssembly' or one of its
dependencies. The system cannot find
the file specified.
(c:\inetpub\wwwroot\MyWebsite\web.config
line 5)
I have tried with/without the provider configured. With/without section groups. With/Without having started the website before hand. I've tried temporarily putting my assembly in the GAC for the registration. I also tried my log4net section just to try something that wasn't mine, with no luck. I've run the command prompt as Administrator. Any ideas? Or can ASPNet_RegIIS just not be used for custom sections?
One final shot after viewing MSDN was changing my handler to inherit from ConfigurationSection rather than implementing IConfigurationSectionHandler since it was technically deprecated in 2.0 (hoping it was something regarding aspnet_regiis version). No luck there either.
Any ideas let me know. Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
aspnet_regiis必须能够绑定程序集。 适用正常的 .net 绑定规则。我通过在与
aspnet_regiis.exe相同的目录中创建名为aspnet_regiis_bin的目录和一个aspnet_regiis.exe.config文件来解决这个问题aspnet_regiis_bin 作为私有路径,如下所示:然后,我将定义自定义配置部分的程序集复制到
aspnet_regiis_bin中,以便aspnet_regiis可以找到它们。此过程不要求程序集具有强命名或位于 GAC 中,但确实需要在框架目录中进行混乱。
aspnet_regiismust be able to bind the assembly. The normal .net binding rules apply.I get around this by creating directory called
aspnet_regiis_binin the same directory asaspnet_regiis.exeand anaspnet_regiis.exe.configfile withaspnet_regiis_binas a private path like this:I then copy the assemblies that define the custom configuration sections into
aspnet_regiis_binso thataspnet_regiiscan find them.This procedure doesn't require the assemblies to be strong named or in the GAC but does require messing around in the framework directories.
我正在使用一种解决方法,临时注释掉 configSections 元素的内容:
然后您可以像往常一样使用
aspnet_regiis -pef运行加密。 运行后,只需取消注释该部分,您的站点就可以运行了。I am using a workaround whereby I temporarly comment out the contents of the configSections element:
You can then run the encryption using
aspnet_regiis -pefas usual. After this has run just uncomment the section and your site is ready to run.这是一个彻底的黑客攻击,但我不确定是否还有另一种方法可以做到这一点,而无需对定义自定义部分的程序集进行强命名并对其进行 GAC 化(尽管您提到这也不起作用,而且我不确定为什么不会)。 由于 aspnet_regiis 运行在 < 驱动器>:\Windows\Microsoft.Net\Framework\< 版本> 文件夹(在 WinXP 中),您可以将定义配置部分的 DLL 复制到相关的 Framework\< 版本> 文件夹,然后它应该可以工作。
This is a total hack, but I'm not sure that there's another way to do it without strongly naming the assembly that defines your custom section and GACifying it (although you mentioned that didn't work, either, and I'm not sure why it wouldn't). Since aspnet_regiis runs in the < drive >:\Windows\Microsoft.Net\Framework\< version > folder (in WinXP), you can copy the DLL that defines your config section into the relevant Framework\< version > folder, and then it should work.
作为记录,我最终得到了一个小维护页面来为我做这件事。
注意事项:您的进程将需要对正在修改的配置文件进行写访问。 您需要某种方式来授权谁可以运行它。 您通常 保存后重新启动网站。
For the record, I ended up with a little maintenance page to do this for me.
Caveats: Your process will need write access to the config files being modified. You'll want some way to authorize who can run this. You'll generally restart the website when you Save.
显示为正确的答案是正确的。 我想添加评论,但无法添加,因为评论太长(示例配置条目)。
节名称应使用程序集的全名。 运行时程序集限定不适用于 aspnet_regiis.exe。
这可行:
但这不起作用:
The answer that is shown as correct is correct. I wanted to add a comment but could not because this is too long of a comment (sample config entries).
The section name should use the full name of the assemblies. A runtime assembly qualification does not work with aspnet_regiis.exe.
This WORKS:
But this DOESN'T WORK: