Asp.net在sessionState中加密sqlConnectionString
我在我的应用程序中使用 sessionState mode = "SQLServer"。有什么方法可以加密 web.config 中传递的连接字符串吗?
I am using sessionState mode = "SQLServer" in my application. Is there any way to encrypt the connection string that was passed in web.config?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
要加密应用程序之间的 SQL Server 连接,您只需添加
到连接字符串,例如:
要加密 web.config 中的字符串,请参阅 如何加密连接字符串-in-web.config
To encrypt sql server connection between applications you can just add
to the connection string, eg:
To encrypt the string in web.config see how-to-encrypt-connection-string-in-web.config
我也处于同样的境地,也找不到任何答案。接受的答案也没有回应我认为提出的问题。经过一番研究,我执行了以下操作来解决该问题,并加密了具有 web.config 的
connectionString的sessionState节点加密:
您可以按照按照以下步骤加密 web.config 的特定部分:
以管理员身份运行命令提示符
执行命令:
<预置><代码> cd C:\Windows\Microsoft.NET\Framework\v4.0.30319
执行命令:
ASPNET_REGIIS -pef "system.web/sessionState" "PhysicalPathOfWebsiteThatHasWebConfigFile"
解密:
同样,如果要解密 web.config 中的特定节点,请按照与上述步骤相同,并在最后一步中将
-pef替换为-pdf,该实用程序将解密特定节点上述说明命令:
ASPNET_REGIIS:取自官方MSDN,您可以使用 ASP.NET IIS 注册工具 (Aspnet_regiis.exe) 来加密或解密网页配置文件。处理 Web.config 文件时,ASP.NET 将自动解密加密的配置元素。 -pef 告诉您想要使用它来加密 web.config 中的特定部分。它还有其他用途,并在官方 MSDNsystem.web/sessionState是您想要的特定节点加密。PhysicalPathOfWebsiteThatHasWebConfigFile是应用程序的物理路径(web.config 所在的位置)。请不要在路径末尾添加额外的“\”。其他参考链接:
https://learn.microsoft.com/en-us/previous-versions/aspnet/zhhddkxy(v=vs.100)
aspnet_regiis.exe 做什么
I was in the same position and I also couldn't find any answer. The accepted answer also doesnt reciprocate the question asked in my opinion. After some research, i did the following to solve the issue and encrypted the
sessionStatenode havingconnectionStringof web.configEncryption:
You can follow the following steps to encrypt a specific section of web.config:
Run command prompt as an
administratorExecute the command:
Execute the command:
ASPNET_REGIIS -pef "system.web/sessionState" "PhysicalPathOfWebsiteThatHasWebConfigFile"Decryption:
Similarly if you want to decrypt a specific node in the web.config, follow the same above steps and replace
-pefwith-pdfin the final step and the utility will decrypt the specific nodeExplanation about above commands:
ASPNET_REGIIS: Taken from official MSDN, You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file is processed. And -pef tells that you want to use it for encrypting a specific section in your web.config. It serves other purposes as well as explained in the official MSDNsystem.web/sessionStateis the specific node that you want to encrypt.PhysicalPathOfWebsiteThatHasWebConfigFileis the physical path of your application (where web.config is located). Please do not add an extra ‘\’ at the end of the path.Other Reference Links:
https://learn.microsoft.com/en-us/previous-versions/aspnet/zhhddkxy(v=vs.100)
What does aspnet_regiis.exe do