当前位置: 文江博客话题详情

保护 Web 应用程序之外的 web.config 部分

发布于 2024-10-11 01:59:32 字数 495 浏览 3 评论 0原文

我想创建一个 msbuild 任务来加密 web.configs 的某些部分。以下代码在 weapplication 中运行良好。作为 msbuild 运行代码会导致错误,指出它无法创建配置文件。

System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);

if (section != null && !section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection(provider);
    config.Save();
}

我找不到任何可以完成正确工作的类。有人有想法吗?

原文

I want to create a msbuild task which encrypts certain sections of my web.configs. The following code works great inside a weapplication. Running the code as an msbuild causes an error saying it cannot create the config file..

System.Configuration.Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);

if (section != null && !section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection(provider);
    config.Save();
}

I couldn't find any classes which do the right job. Ideas anyone?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

九歌凝 2024-10-18 01:59:32

您应该创建自己的自定义 MSBuild 任务。

下面的代码是一个自定义任务。

我已经使我的应用程序(winforms)具有功能,但我标记了您可以更改的基于网络的行。

我创建了一个带有 2 个子类的抽象类来处理加密和解密。

干杯!

namespace MyCompany.MSBuild.Tasks.Security
{

    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    //using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public abstract class ConfigurationProtectorBaseTask : Task
    {
        private static readonly string RSA_PROVIDER = "RSAProtectedConfigurationProvider";
        private static readonly string DATA_PROTECTION_PROVIDER = "DataProtectionConfigurationProvider";

        /// <summary>
        /// Gets or sets the ExePath.  This would be the name of the .exe (or .dll) which has a corresponding .config associated with it.
        /// </summary>
        /// <value>The ExePath.</value>
        [Required]
        public string ExePath { get; set; }

        /// <summary>
        /// Gets or sets the SectionName of the configuration file you are trying to encrypt.
        /// </summary>
        /// <value>The SectionName.</value>
        [Required]
        public string SectionName { get; set; }

        /// <summary>
        /// Gets or sets the Provider.
        /// </summary>
        /// <value>The Provider.</value>
        [Required]
        public string Provider { get; set; }

        /// <summary>
        /// Task Entry Point.
        /// </summary>
        /// <returns></returns>
        public override bool Execute()
        {
            if (!String.IsNullOrEmpty(this.Provider))
            {
                if (String.Equals(this.Provider, DATA_PROTECTION_PROVIDER, StringComparison.OrdinalIgnoreCase) || String.Equals(this.Provider, RSA_PROVIDER, StringComparison.OrdinalIgnoreCase))
                { }
                else
                {
                    Log.LogWarning(string.Format("Provider must be either '{0}' or '{1}'. Your value was '{2}'.", DATA_PROTECTION_PROVIDER, RSA_PROVIDER, this.Provider));
                    return false;
                }
            }

            if (!String.IsNullOrEmpty(this.ExePath))
            {
                Log.LogCommandLine(string.Format("{0}", this.ExePath));
                Console.WriteLine(this.ExePath);
            }

            InternalExecute();
            return !Log.HasLoggedErrors;
        }

        protected abstract void InternalExecute();

        protected Configuration GetConfiguration()
        {
            //WebVersion
            //Configuration config = WebConfigurationManager.OpenWebConfiguration(this.ApplicationPath);

            //NonAspNet version
            Configuration config = ConfigurationManager.OpenExeConfiguration(ExePath);

            return config;
        }

    }
}




namespace MyCompany.MSBuild.Tasks.Security
{
    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public class ConfigurationProtectorEncrypterTask : ConfigurationProtectorBaseTask 
    {

        /// <summary>
        /// Internal Execute Wrapper.
        /// </summary>
        protected override void InternalExecute()
        {
            Configuration config = base.GetConfiguration();
            ConfigurationSection section = config.GetSection(this.SectionName);
            if (section != null && !section.SectionInformation.IsProtected)
            {
                section.SectionInformation.ProtectSection(this.Provider);
                config.Save();
            }
        }

    }
}









namespace MyCompany.MSBuild.Tasks.Security
{
    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public class ConfigurationProtectorDecrypterTask : ConfigurationProtectorBaseTask
    {

        /// <summary>
        /// Internal Execute Wrapper.
        /// </summary>
        protected override void InternalExecute()
        {
            Configuration config = base.GetConfiguration();
            ConfigurationSection section = config.GetSection(this.SectionName);
            if (section != null && section.SectionInformation.IsProtected)
            {
                section.SectionInformation.UnprotectSection();
                config.Save();
            }
        }

    }
}









::::Save this as: ConfigurationProtectorTaskTest.msbuild 

<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="AllTargetsWrapper" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <UsingTask AssemblyFile="MyCompany.MSBuild.dll" TaskName="ConfigurationProtectorEncrypterTask"/>
  <UsingTask AssemblyFile="MyCompany.MSBuild.dll" TaskName="ConfigurationProtectorDecrypterTask"/>


  <Target Name="AllTargetsWrapper">
    <CallTarget Targets="ConfigurationProtectorEncrypterTask1" />
    <CallTarget Targets="ConfigurationProtectorDecrypterTask2" />
  </Target>


  <PropertyGroup>
    <MyExePath>C:\SomeFolder\MyCompany.SomeExe.exe</MyExePath>
    <MySectionName>connectionStrings</MySectionName>
    <MyProvider>RSAProtectedConfigurationProvider</MyProvider>
  </PropertyGroup>



  <Target Name="ConfigurationProtectorEncrypterTask1">
    <ConfigurationProtectorEncrypterTask ExePath="$(MyExePath)" SectionName="$(MySectionName)" Provider="$(MyProvider)">
    </ConfigurationProtectorEncrypterTask>
  </Target>


  <Target Name="ConfigurationProtectorDecrypterTask2">
    <ConfigurationProtectorDecrypterTask ExePath="$(MyExePath)" SectionName="$(MySectionName)" Provider="$(MyProvider)">
    </ConfigurationProtectorDecrypterTask>

  </Target>



</Project>





:REM BAT FILE TO CALL THE ABOVE .msbuild file

call "%VS90COMNTOOLS%\vsvars32.bat"
del *.log
msbuild /target:ConfigurationProtectorEncrypterTask1 ConfigurationProtectorTaskTest.msbuild /l:FileLogger,Microsoft.Build.Engine;logfile=ConfigurationProtectorEncrypterTask1.log
msbuild /target:ConfigurationProtectorDecrypterTask2 ConfigurationProtectorTaskTest.msbuild /l:FileLogger,Microsoft.Build.Engine;logfile=ConfigurationProtectorDecrypterTask2.log

这也会有帮助:
http://www.codeproject.com/KB/dotnet/EncryptingTheAppConfig.aspx
http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

但是封装到 MSBuild 任务中是我的贡献。

上面的第二个 URL 还提到了命令行方法:

Here is that引用的材料(部分引用):::

Encryption/Decryption using aspnet_regiis.exe command line tool

您还可以使用以下命令加密和解密 Web.config 文件中的部分aspnet_regiis.exe 命令行工具,可以在\Microsoft.Net\Framework\version 目录中找到。要使用此命令行工具使用 DPAPI 计算机密钥加密 Web.config 的一部分,请使用以下命令。

aspnet_regiis.exe -pe "connectionStrings" -app "/YourWebSiteName" –prov "DataProtectionConfigurationProvider"

要使用此工具解密connectionStrings部分,您可以在aspnet_iisreg.exe工具中指定以下命令。

aspnet_regiis.exe -pd“connectionStrings”-app“/YouWebSiteName”

You should create your own custom MSBuild task.

The below code is a custom task.

I've made mine application(winforms) capable, but I marked the lines you can change for web based.

I've created an abstract class with 2 subclasses to handle encrypt and decryption.

Cheers!

namespace MyCompany.MSBuild.Tasks.Security
{

    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    //using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public abstract class ConfigurationProtectorBaseTask : Task
    {
        private static readonly string RSA_PROVIDER = "RSAProtectedConfigurationProvider";
        private static readonly string DATA_PROTECTION_PROVIDER = "DataProtectionConfigurationProvider";

        /// <summary>
        /// Gets or sets the ExePath.  This would be the name of the .exe (or .dll) which has a corresponding .config associated with it.
        /// </summary>
        /// <value>The ExePath.</value>
        [Required]
        public string ExePath { get; set; }

        /// <summary>
        /// Gets or sets the SectionName of the configuration file you are trying to encrypt.
        /// </summary>
        /// <value>The SectionName.</value>
        [Required]
        public string SectionName { get; set; }

        /// <summary>
        /// Gets or sets the Provider.
        /// </summary>
        /// <value>The Provider.</value>
        [Required]
        public string Provider { get; set; }

        /// <summary>
        /// Task Entry Point.
        /// </summary>
        /// <returns></returns>
        public override bool Execute()
        {
            if (!String.IsNullOrEmpty(this.Provider))
            {
                if (String.Equals(this.Provider, DATA_PROTECTION_PROVIDER, StringComparison.OrdinalIgnoreCase) || String.Equals(this.Provider, RSA_PROVIDER, StringComparison.OrdinalIgnoreCase))
                { }
                else
                {
                    Log.LogWarning(string.Format("Provider must be either '{0}' or '{1}'. Your value was '{2}'.", DATA_PROTECTION_PROVIDER, RSA_PROVIDER, this.Provider));
                    return false;
                }
            }

            if (!String.IsNullOrEmpty(this.ExePath))
            {
                Log.LogCommandLine(string.Format("{0}", this.ExePath));
                Console.WriteLine(this.ExePath);
            }

            InternalExecute();
            return !Log.HasLoggedErrors;
        }

        protected abstract void InternalExecute();

        protected Configuration GetConfiguration()
        {
            //WebVersion
            //Configuration config = WebConfigurationManager.OpenWebConfiguration(this.ApplicationPath);

            //NonAspNet version
            Configuration config = ConfigurationManager.OpenExeConfiguration(ExePath);

            return config;
        }

    }
}




namespace MyCompany.MSBuild.Tasks.Security
{
    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public class ConfigurationProtectorEncrypterTask : ConfigurationProtectorBaseTask 
    {

        /// <summary>
        /// Internal Execute Wrapper.
        /// </summary>
        protected override void InternalExecute()
        {
            Configuration config = base.GetConfiguration();
            ConfigurationSection section = config.GetSection(this.SectionName);
            if (section != null && !section.SectionInformation.IsProtected)
            {
                section.SectionInformation.ProtectSection(this.Provider);
                config.Save();
            }
        }

    }
}









namespace MyCompany.MSBuild.Tasks.Security
{
    using System;
    using System.Linq;
    using System.Diagnostics;
    using System.Configuration;
    using System.Web.Configuration;

    using Microsoft.Build.Framework;
    using Microsoft.Build.Utilities;

    public class ConfigurationProtectorDecrypterTask : ConfigurationProtectorBaseTask
    {

        /// <summary>
        /// Internal Execute Wrapper.
        /// </summary>
        protected override void InternalExecute()
        {
            Configuration config = base.GetConfiguration();
            ConfigurationSection section = config.GetSection(this.SectionName);
            if (section != null && section.SectionInformation.IsProtected)
            {
                section.SectionInformation.UnprotectSection();
                config.Save();
            }
        }

    }
}









::::Save this as: ConfigurationProtectorTaskTest.msbuild 

<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="AllTargetsWrapper" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <UsingTask AssemblyFile="MyCompany.MSBuild.dll" TaskName="ConfigurationProtectorEncrypterTask"/>
  <UsingTask AssemblyFile="MyCompany.MSBuild.dll" TaskName="ConfigurationProtectorDecrypterTask"/>


  <Target Name="AllTargetsWrapper">
    <CallTarget Targets="ConfigurationProtectorEncrypterTask1" />
    <CallTarget Targets="ConfigurationProtectorDecrypterTask2" />
  </Target>


  <PropertyGroup>
    <MyExePath>C:\SomeFolder\MyCompany.SomeExe.exe</MyExePath>
    <MySectionName>connectionStrings</MySectionName>
    <MyProvider>RSAProtectedConfigurationProvider</MyProvider>
  </PropertyGroup>



  <Target Name="ConfigurationProtectorEncrypterTask1">
    <ConfigurationProtectorEncrypterTask ExePath="$(MyExePath)" SectionName="$(MySectionName)" Provider="$(MyProvider)">
    </ConfigurationProtectorEncrypterTask>
  </Target>


  <Target Name="ConfigurationProtectorDecrypterTask2">
    <ConfigurationProtectorDecrypterTask ExePath="$(MyExePath)" SectionName="$(MySectionName)" Provider="$(MyProvider)">
    </ConfigurationProtectorDecrypterTask>

  </Target>



</Project>





:REM BAT FILE TO CALL THE ABOVE .msbuild file

call "%VS90COMNTOOLS%\vsvars32.bat"
del *.log
msbuild /target:ConfigurationProtectorEncrypterTask1 ConfigurationProtectorTaskTest.msbuild /l:FileLogger,Microsoft.Build.Engine;logfile=ConfigurationProtectorEncrypterTask1.log
msbuild /target:ConfigurationProtectorDecrypterTask2 ConfigurationProtectorTaskTest.msbuild /l:FileLogger,Microsoft.Build.Engine;logfile=ConfigurationProtectorDecrypterTask2.log

This will help as well:
http://www.codeproject.com/KB/dotnet/EncryptingTheAppConfig.aspx
http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

But the encapsulation into a MSBuild Task is my contribution.

The second URL above also mentions a command line method:

Here is that quoted material (partial quote that is):::

Encryption/Decryption using aspnet_regiis.exe command line tool

You can also encrypt and decrypt sections in the Web.config file using the aspnet_regiis.exe command-line tool, which can be found in the \Microsoft.Net\Framework\version directory. To encrypt a section of the Web.config using the DPAPI machine key with this command-line tool, use following command.

aspnet_regiis.exe -pe "connectionStrings" -app "/YourWebSiteName" –prov "DataProtectionConfigurationProvider"

To decrypt connectionStrings section using this tool, you can specify following command in aspnet_iisreg.exe tool.

aspnet_regiis.exe -pd "connectionStrings" -app "/YouWebSiteName"

回复 原文
~没有更多了~

关于作者

零時差

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

梦里南柯

文章 0 评论 0

不将就、

文章 0 评论 0

alipaysp_ZRaVhH1Dn

文章 0 评论 0

青衫儰鉨ミ守葔

文章 0 评论 0

故事未完

文章 0 评论 0

梦晓ヶ微光ヅ倾城

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文