有关Azure DocumentDB身份验证密钥的最佳做法?
[英]Best practice regarding Azure DocumentDB auth key?
问题描述
With most Azure services I can run an emulator on my local machine, for example the storage emulator. 
对于大多数Azure服务,我可以在本地计算机上运行模拟器,例如存储模拟器。 This allows me to store the credentials to my real azure storage account as an app setting on my azure web site. 这允许我将凭据存储到我的真实azure存储帐户作为我的Azure网站上的应用程序设置。 And locally I have the credentials to the emulator in my web.config. 在本地我在web.config中有模拟器的凭据。
But how to achieve the same kind of security with Azure DocumentDB? 但是如何使用Azure DocumentDB实现同样的安全性? I would prefer not to store the credentials in my local web.config, but at the same time I need to be able to run the application locally when developing. 我不希望将凭据存储在我的本地web.config中,但同时我需要能够在开发时在本地运行该应用程序。 As I understand there is no emulator for the DocumentDB? 据我所知,DocumentDB没有模拟器? And the endpoint and auth key is the same for all DocumentDB's I create? 对于我创建的所有DocumentDB,端点和身份验证密钥是否相同?
So, to sum up my question, what is the best practice to handle the auth key / end point when developing and using Azure DocumentDB? 那么,总结一下我的问题,在开发和使用Azure DocumentDB时处理身份验证密钥/端点的最佳做法是什么?
2 个解决方案
解决方案1
2 已采纳 2015-03-07 21:21:23
You are doing the right thing by storing your connection strings in your Azure Website environment so they are not in your web.config and therefore not in your source control system. 您通过在Azure网站环境中存储连接字符串来做正确的事情,因此它们不在您的web.config中,因此不在您的源代码管理系统中。 And your local development process works well for you only because you are using the emulator which doesn't require any credentials. 并且您的本地开发过程仅适用于您,因为您使用的是不需要任何凭据的模拟器。 That is not always going to be the case though as you pointed out with Document DB and potentially with other resources you may be using to store data. 虽然正如您使用Document DB指出的那样并且可能与您可能用于存储数据的其他资源一样,但情况并非总是如此。
The guidance for storing and deploying app settings and connection strings is to keep those in separate config files locally that are never checked into your source control system. 存储和部署应用程序设置和连接字符串的指南是将它们保存在本地单独的配置文件中,这些配置文件永远不会检入源控制系统。 Then, in your web.config file, reference these files. 然后,在您的web.config文件中,引用这些文件。 This keeps the confidential information out of your web.config. 这样可以保护您的web.config中的机密信息。
For example, for connection strings it would be something like this: 例如,对于连接字符串,它将是这样的:
<connectionStrings configSource="ConnectionStrings.config">
</connectionStrings>
For app settings it would be something like this: 对于应用程序设置,它将是这样的:
<appSettings file="..\..\AppSettingsSecrets.config">
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
...
</appSettings>
More information on this technique is available here . 有关此技术的更多信息,请点击此处 。
解决方案2
1 2015-03-08 07:56:08
Another alternative is to store the key as an environment variable and get your code to read it. 另一种方法是将密钥存储为环境变量,并让代码读取它。
On another note, your development environment should have a separate docdb, one that is not your production environment. 另外,您的开发环境应该有一个单独的docdb,一个不是您的生产环境。 Since docdb does not offer an emulator and no free-tier, this leads to higher costs for development. 由于docdb不提供模拟器而且没有免费套餐,因此会导致开发成本增加。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.