堆栈内存溢出
  简体   繁体   English

如何为实体框架和Windows窗体加密ConnectionString

[英]How To Encrypt ConnectionString for Entity Framework and Windows Forms

 原文  2013-10-01 18:49:53       c#/ winforms/ entity-framework/ encryption

问题描述

I am writing a Windows Forms application for public distribution that utilizes a cloud database. 我正在编写Windows窗体应用程序以进行公共分发,该应用程序利用云数据库。 I need to encrypt the connection string in the published app.config file. 我需要加密已发布的app.config文件中的连接字符串。 I am using Entity Framework and .net 4.5 for this project. 我为此项目使用Entity Framework和.net 4.5。 From what I've read (and it may be wrong), EF does not automatically decrypt connection strings. 根据我所读的内容(可能是错误的),EF不会自动解密连接字符串。 How do I accomplish that? 我该怎么做?

2 个解决方案

解决方案1
 0  2013-10-01 21:05:29

You should use Windows authentication. 您应该使用Windows身份验证。 If you give the users an encrypted connection string and expect them to pass it back unencrypted then you have to give them the means to decrypt basically the public key which is a security no no. 如果为用户提供了一个加密的连接字符串,并希望他们将其以未加密的形式传递回去,那么您就必须为他们提供一种基本上解密公用密钥的方法,这是安全性。 You may be able to encrypt the string in the file and have the application pass it up to a WCF or REST service that holds the private key, decrypts, establishes connection to the database, and makes the query to the database. 您可能能够对文件中的字符串进行加密,并使应用程序将其传递给WCF或REST服务,该服务包含私钥,解密,建立与数据库的连接以及对数据库进行查询。 But that still makes the encrypted value as good as a password. 但这仍然使加密后的值与密码一样好。 This is why you need to use windows authentication so the user can provide his credentials and you authorize them. 这就是为什么您需要使用Windows身份验证,以便用户可以提供其凭据并对其进行授权的原因。 That way you can control who is accessing the database and the user is the only person with access to their password (theoretically anyhow). 这样,您可以控制谁在访问数据库,并且用户是唯一有权访问其密码的人(理论上无论如何)。

This is also why ASP.Net has this functionality and WinForm apps don't ASP.Net apps run in a controlled server environment where they can have access to a private key without sharing it with the world. 这也是为什么ASP.Net具有此功能,而WinForm应用程序却没有ASP.Net应用程序在受控服务器环境中运行的原因,在这种环境下,他们可以访问私钥而不与世界共享。

解决方案2
 -2  2013-10-02 10:52:41

To expand on my comments to make it an answer, you can use aspnet_regiis . 要扩展我的评论使其成为答案,可以使用aspnet_regiis Rename your app.config to web.config, then follow the steps described in 将您的app.config重命名为web.config,然后按照中所述进行操作

Encrypting sections and-or settings in an App.config file that will be redistributed 加密将重新分发的App.config文件中的部分和/或设置

After it is done, rename the file back. 完成后,重新命名文件。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在实体框架中加密ConnectionString(第一个代码) - Encrypt ConnectionString in entity framework (first code) 如何在Application Start上更改Entity Framework 5中的ConnectionString - How to Change the ConnectionString in Entity Framework 5 on Application Start 实体框架 6 连接字符串混淆 - Entity Framework 6 Connectionstring confusion 实体框架LocalDB连接字符串 - Entity Framework LocalDB connectionstring 如何在.NET Windows窗体中使用Entity Framework将自定义按钮添加到DataGridView - How to add custom buttons to DataGridView with Entity Framework in .NET Windows Forms 实体框架如何将文本框绑定到Windows窗体中的模型 - Entity Framework How to bind textbox to model in Windows Forms 实体框架DBContext和动态ConnectionString - Entity Framework DBContext and dynamic ConnectionString Entity Framework Core 2中的ConnectionString Builder - ConnectionString Builder in Entity Framework Core 2 如何在Entity Framework Core中从appsettings.json设置连接字符串 - How to set connectionstring from appsettings.json in Entity Framework Core 如何首先使用实体​​框架代码在DbContext中使用ConnectionString? - How to use ConnectionString with DbContext using Entity Framework code first?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM