ConnectionString密码-XML转义
[英]ConnectionString password - XML escaping
问题描述
I have a strong password that I am having some trouble to put it on my web.config: 
我有一个强密码,在将其放入web.config时遇到了一些麻烦:
So my web.config entry is: 所以我的web.config条目是:
<add name="MyConnectionString" connectionString="Data Source=tcp:xxxxxx.database.windows.net,1433;Initial Catalog=MyDatabase;MultipleActiveResultSets=true;User ID=xxxxxx@xxxxxxxx;Password=MyPassword" providerName="System.Data.SqlClient" />
And my strong password is: 我的强密码是:
<=#}U}2{p^07>7u10)'*g7|5=96!;a1F2="=!,}7;65\\3{9P0w(#/]${06|S /L2=l{0[2E32+78AJ|@;9}$N=|(0s9,=\\N|o+t
So the issue is related with some character that need to be escaped, but I tried with no success to escape it using single quotes. 因此,该问题与需要转义的某些字符有关,但是我尝试使用单引号将其转义没有成功。
Thanks 谢谢
3 个解决方案
解决方案1
2 2015-02-26 14:04:47
Allow system to handle this for you: 允许系统为您处理:
Console.WriteLine(
new XElement("add",
new XAttribute("name","MyConnectionString"),
new XAttribute("connectionString",
new SqlConnectionStringBuilder {
DataSource="tcp:xxxxxx.database.windows.net,1433",
InitialCatalog="MyDatabase",
MultipleActiveResultSets=true,
UserID="xxxxxx@xxxxxxxx",
Password=Console.ReadLine()
}
),
new XAttribute("providerName","System.Data.SqlClient")
)
);
解决方案2
1 已采纳 2015-02-26 13:50:58
I tried with no success to escape it using single quotes
What that doesn't actually escape anything - it just allows you to have a double-quote as part of your value. 实际上并不能逃脱的任何东西-它只允许您在其价值中加上双引号。 But then it means you can't have an apostrophe as part of your value... it's probably simpler to turn both into entity representations... along with < and & . 但这意味着您不能将撇号作为您的价值的一部分...将两者都转换为实体表示形式以及<和&可能更简单。
So in this case you want: 因此,在这种情况下,您需要:
<=#}U}2{p^07>7u10)'*g7|5=96!;a1F2="=!,}7;65\3{9P0w(#/]${06|S /L2=l{0[2E32+78AJ|@;9}$N=|(0s9,=\N|o+t
If you had an & in your original password, you'd convert that to & 如果您的原始密码中有& ,则可以将其转换为& . 。
Or for more simplicity, when you're generating a password, force it to not have any characters that will require escaping. 或者,为更简单起见,在生成密码时,请强制其不包含任何需要转义的字符。 (Or move to a different authentication model, of course...) (当然,或者转到其他身份验证模型...)
Or come up with this programmatically, as per PetSerAl's answer, of course. 或者,按照PetSerAl的回答,以编程方式提出这个建议。
解决方案3
1 2015-02-26 15:54:16
Agree with @PetSerAl that you should just use a high-level API to create your XML for you. 同意@PetSerAl ,您应该只使用高级API为您创建XML。 But if you must format your XML text manually, the SecurityElement class has utilities to escape and unescape XML text: 但是,如果您必须手动设置XML文本格式,则SecurityElement类具有用于转义和取消转义XML文本的实用程序:
string password = @"<=#}U}2{p^07>7u10)'*g7|5=96!;a1F2=""=!,}7;65\3{9P0w(#/]${06|S /L2=l{0[2E32+78AJ|@;9}$N=|(0s9,=\N|o+t";
var xmlText = System.Security.SecurityElement.Escape(password); // Escape invalid XML characrers.
var passwordBack = new System.Security.SecurityElement("tag", xmlText).Text; // Unescape them again.
Debug.Assert(passwordBack == password); // No assert
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.