How to encrypt web.config connection strings

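I am trying to encrypt the connection strings in web.config. I followed Microsoft's guidelines, but it doesn't work. http://msdn.microsoft.com/en-us/library/ff650304.aspx#paght000006_step3

I get "Encrypting configuration section... Succeeded!" at the command prompt. I removed the "connectionStrings" section from web.config and saved the newly added "connectionStrings" as encrypted data.

I have two MSSQL database connection strings for Entity Framework, but when compiling at run time I get the error "The specified named connection is either not found in the configuration, not intended to be used with the EntityClient provider, or not valid."

When you open the model edmx file and update the model from the database, Visual Studio shows the error "Failed to decrypt using provider RSAProtectedConfigurationProvider....The RSA key container could not be opened."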

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <KeyName>Rsa Key</KeyName>
            </KeyInfo>
            <CipherData>
              <CipherValue>..........</CipherValue>
            </CipherData>
          </EncryptedKey>
        </KeyInfo>
        <CipherData>
          <CipherValue>........</CipherValue>
        </CipherData>
      </EncryptedData>
    </connectionStrings>

-------- Solved, answers below. ------

3 Answers

  • 2

    Run this code on the server where the project is published

    using System;
    using System.Configuration;
    using System.Web.Configuration;
    
    // Members of the page's code-behind class (the page hosts the two buttons).
    string provider = "RSAProtectedConfigurationProvider";
    string section = "connectionStrings";
    
    protected void Page_Load(object sender, EventArgs e)
    {
    
    }
    
    // Encrypts the connectionStrings section of this application's web.config in place.
    protected void btnEncrypt_Click(object sender, EventArgs e)
    {
       Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
       ConfigurationSection configSect = confg.GetSection(section);
       if (configSect != null)
       {
          configSect.SectionInformation.ProtectSection(provider);
          confg.Save();
       }
    }
    
    // Decrypts the section again; does nothing if it is missing or not protected.
    protected void btnDecrypt_Click(object sender, EventArgs e)
    {
       Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
       ConfigurationSection configSect = config.GetSection(section);
       if (configSect != null && configSect.SectionInformation.IsProtected)
       {
          configSect.SectionInformation.UnprotectSection();
          config.Save();
       }
    }
    

    From this link: http://www.codeproject.com/Tips/304638/Encrypt-or-Decrypt-Connection-Strings-in-web-confi

    <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
    xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <KeyName>Rsa Key</KeyName>
    </KeyInfo>
    <CipherData>
    <CipherValue>WagJ9DDjWTNc1nmYVNQXaQqXalQzXaiCHAOtUJvTWBRZiuT6UK1fBElM80PnL6dC5Umb8qvfHdkSMgoMW9CJzwOTZ0zTy17JBGZqRQmlfW2G9LacoWIil0UrxjhgmJmRXhwXHFpdGwEVl7AoQGVlJGabXuChutaTxmfGOoUbCr0=</CipherValue>
    </CipherData>
    </EncryptedKey>
    </KeyInfo>
    <CipherData>
    <CipherValue>qry5qnr3qxOgyoNPeP7OKEiHpr/PPTsaeQ2mYUsSK7cg4Kkl9uPO4RyUXgBIkgCTsjbObqLlyndcSBnYyek6bxG/IBL82G1R5J1ci8i1eyt8kIDqouzYOx5vtouErld4z1L+7WGf9Wg37QAH5RiiEfkCHndJJq3dTqjxnnXZSno6NgbxSXDfqzwE/eKDVhGV3oaTQSfjVmO8e5a9wvREYeeyasDhojx8J2mdy7/Q9rEIpv98RTiRxA==</CipherValue>
    </CipherData>
    </EncryptedData>
    </connectionStrings>
    
  • -1

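    It looks like the account that created the key is different from the account running the application. Have you made sure that the appropriate account has access to the key store? From the article you sent...

    Grant access to the ASP.NET application identity. If you are not sure which identity to use, check the identity from a web page with the following code: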

    using System.Security.Principal;
    
    protected void Page_Load(object sender, EventArgs e)
    {
        Response.Write(WindowsIdentity.GetCurrent().Name);
    }
    

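    By default, ASP.NET applications on Windows Server 2003 run using the NT Authority\Network Service account. Open a .NET command prompt and use the following command to give this account access to the NetFrameworkConfigurationKey store:

    aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT Authority\Network Service"

    If the command runs successfully, you will see the following output: Adding ACL for access to the RSA Key Container... Succeeded! You can check the ACL of the file in the following folder: \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. Your RSA key container file is the file in this folder with the most recent timestamp.

    Also, these simple commands seemed to work for EF / Linq-to-Entities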

  • 0

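    When you run the aspnet command, the encrypted data should replace "connectionStrings"; if it does not, it failed.

    aspnet_regiis -pe "connectionStrings" -app "/" -location "subfolder" -site "2"

    I ran that command, but it turned out I didn't need -location, which was incorrect.

    I should have known, when the cipher value XML field was so small.

    However, these two commands do the trick...

    aspnet_regiis -pe "connectionStrings" -app "/" -site "2"

    aspnet_regiis -pa "NetFrameworkConfigurationKey" "IIS APPPOOL\MyApp"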
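
The check described in the last answer (the encrypted data should replace "connectionStrings", and a very small cipher value is a warning sign) can be run over a web.config before it ships. This is an added example, not code from the question or any of the answers; the function name `audit_connection_strings`, the report fields and both sample documents are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

X = "{http://www.w3.org/2001/04/xmlenc#}"  # XML Encryption namespace

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any "{namespace}" prefix

def audit_connection_strings(config_xml):
    """Report whether <connectionStrings> is encrypted and what it still exposes."""
    root = ET.fromstring(config_xml)
    section = next((e for e in root.iter() if local(e.tag) == "connectionStrings"), None)
    report = {"found": section is not None, "protected": False, "provider": None,
              "algorithms": [], "payload_bytes": 0, "plaintext_names": []}
    if section is None:
        return report
    report["provider"] = section.get("configProtectionProvider")
    # Any <add connectionString=...> still present is readable by anyone with the file.
    report["plaintext_names"] = [e.get("name") for e in section.iter()
                                 if local(e.tag) == "add" and e.get("connectionString")]
    enc = section.find(X + "EncryptedData")
    if enc is None or report["provider"] is None:
        return report
    # Algorithms in document order: payload cipher first, then key wrapping.
    report["algorithms"] = [m.get("Algorithm", "").rsplit("#", 1)[-1]
                            for m in enc.iter(X + "EncryptionMethod")]
    value = enc.find(X + "CipherData/" + X + "CipherValue")  # outer payload only
    if value is not None and value.text:
        report["payload_bytes"] = len(base64.b64decode(value.text.strip()))
    # Protected: an encrypted payload exists and no plaintext entry sits beside it.
    report["protected"] = report["payload_bytes"] > 0 and not report["plaintext_names"]
    return report

# Constructed sample inputs (not taken from the page).
PLAINTEXT = """<configuration><connectionStrings>
<add name="AppDb" connectionString="Server=.;Database=App;Integrated Security=True" />
</connectionStrings></configuration>"""
_B64 = base64.b64encode(bytes(32)).decode()  # 32-byte stand-in for real ciphertext
ENCRYPTED = f"""<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<CipherData><CipherValue>{_B64}</CipherValue></CipherData>
</EncryptedKey></KeyInfo>
<CipherData><CipherValue>{_B64}</CipherValue></CipherData>
</EncryptedData></connectionStrings></configuration>"""
```

Comparing `payload_bytes` with the size of the section you expected to encrypt catches the case where an empty or wrong section was protected.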
