解密连接字符串
我一直在阅读有关 C#/ASP 应用程序的 web.config 某些部分的加密和解密的内容,并且我成功地为我的应用程序加密了 web.config 的连接字符串。我的问题是解密。我使用标准代码来加密和解密,但它修改了 web.config。在本地它工作得很好,因为当它修改 web.config 时我可以保存它并且它仍然会运行,但是当我将它上传到远程服务器时它就不起作用了。
我收到的错误是
配置错误描述:配置期间发生错误 处理服务该请求所需的配置文件。 请查看下面的具体错误详细信息并修改您的 适当配置文件。
解析器错误消息:无法使用提供程序解密 'RsaProtectedConfigurationProvider'。来自提供商的错误消息: 不良数据
加密
try
{
Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
ConfigurationSection section = config.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider");
config.Save();
}
catch (Exception ex)
{
}
解密
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
config.Save();
}
我在页面加载时调用解密方法,但它不起作用,并且给我上面的错误。
我根本无权访问主机服务器。所以使用命令行不是一个选择。
I've been reading about encryption and decryption of certain parts of the web.config for C#/ASP applications and I am successful in encrypting the connectionstring of the web.config for my application. My problem is decrypting. I'm using the standard code to encrypt and decrypt but it modifies the web.config. Locally it works fine since when it does modify the web.config I can save it and it will still run but when I upload it to a remote server then it doesn't work.
The error I'm getting is
Configuration Error Description: An error occurred during the
processing of a configuration file required to service this request.
Please review the specific error details below and modify your
configuration file appropriately.Parser Error Message: Failed to decrypt using provider
'RsaProtectedConfigurationProvider'. Error message from the provider:
Bad Data
Encrypting
try
{
Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
ConfigurationSection section = config.GetSection("connectionStrings");
if (!section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider");
config.Save();
}
catch (Exception ex)
{
}
Decrypting
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
config.Save();
}
I call the decrypting method whenever the page loads but it doesn't work and it gives me the error above.
I do not have access to the host server at all. So using the command line is not an option.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
确保远程服务器上的解密密钥与您本地的解密密钥相同。这将是计算机密钥元素。
Make sure the same decryption key is available on the remote server that you have locally. This would be the machine key element.
您可以创建并导出 RSA 密钥容器,但您仍然需要访问远程服务器以导入容器。
顺便说一句,我不认为 machineKey 元素与这里相关。来自 MSDN:
You can create and export an RSA Key Container but you'll still need access to the remote server to import the container.
I don't believe that the machineKey element is relevant here BTW. From MSDN:
我猜测这种情况是您尝试在将 web.config 推送到托管提供商/远程服务器之前在本地对其进行加密。 Steve Rowbotham 对这个问题的回答是正确的,因为您需要在开发计算机和远程服务器上使用相同的 RSA 密钥容器,以便能够进行本地加密和远程解密。
作为部署过程的一部分,您可以采取不同的路线并加密 web.config 吗?我们使用 MsDeploy 在部署期间处理配置文件的加密,如果您愿意,我可以提供一些示例代码。
或者,当您的应用程序首次加载时(在global.asax 中的Application_Start 事件期间),您可以检查web.config 的connectionStrings 部分是否已加密,然后对其进行加密。您不必手动解密 web.config...
I'm guessing the scenario is you're trying to encrypt the web.config locally before pushing it to your hosting provider/remote server. Steve Rowbotham's answer on this question is correct in that you'll need the same RSA Key container on both your development machine and the remote server to be able to encrypt locally and decrypt remotely.
Can you take a different route and encrypt the web.config as part of your deployment process? We use MsDeploy to handle encrypting the config file during deployment and I can provide some sample code if you would like it.
Alternatively, when you application first loads (during the Application_Start event in global.asax) you could check if the connectionStrings section of the web.config is encrypted and then encrypt it. You shouldn't have to decrypt the web.config manually...