加密并将密码存储在 web.config 文件中
我的 web.config 文件中有以下信息。
<appSettings>
<add key="AdminUsername" value="User1"/>
<add key="AdminPassword" value="Password1"/>
</appSettings>
如何加密并存储? 如何解密和使用?
I have the following information in my web.config file.
<appSettings>
<add key="AdminUsername" value="User1"/>
<add key="AdminPassword" value="Password1"/>
</appSettings>
how do I encrypt it and store?
how do I decrypt and use?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
请参阅文章 - http://msdn .microsoft.com/en-us/library/k6h9cz8h%28v=vs.80%29.aspx
该命令是:
其中 MySharePoint 是虚拟目录。 web.config 文件也应该位于该目录内。
Kindly refer to the article - http://msdn.microsoft.com/en-us/library/k6h9cz8h%28v=vs.80%29.aspx
The command is:
where MySharePoint is a Virtual Directory. The web.config file should be inside the directory too.
使用 aspnet_regiis 或等效 API 加密配置节的缺点是它会加密整个节。
从安全角度来看很好,但它使管理员更难以检查同一部分中的其他非敏感配置数据。 appSettings 是管理员经常想要检查的部分。
一种选择是将您的凭据放在不同的部分(例如,在
您当然必须编写代码来解析虚拟连接字符串 (String.Split) 并提取凭据。如下所示(为简单起见,省略错误处理):
通过执行此操作,您可以使 appSettings 部分保持未加密状态。
The drawback of encrypting configuration sections using aspnet_regiis or the equivalent APIs is that it encrypts entire sections.
Good from a security perspective, but it makes it more difficult for an administrator to inspect other non-sensitive configuration data in the same section. appSettings is a section which an administrator will often want to inspect.
One option is to put your credentials in a different section (e.g. create a dummy connection string in the
<connectionStrings>section) and encrypt only this section:You will of course have to write code to parse the dummy connection string (String.Split) and extract the credentials. Something like the following (omitting error handling for simplicity):
By doing this, you can leave your appSettings section unencrypted.