[英]Where should I store the connection string for the production environment of my ASP.NET Core app?
Where should the production and staging connection strings be stored in an ASP.NET Core application, when deploying into IIS 7 (not Azure) ?部署到 IIS 7(不是 Azure)时,生产和暂存连接字符串应该存储在 ASP.NET Core 应用程序中的什么位置?
I am looking for the recommended way of doing it / best-practice, especially security-wise.我正在寻找推荐的做法/最佳实践,尤其是安全方面。
In ASP.NET 5 it's possible to specify multiple configuration sources.在 ASP.NET 5 中,可以指定多个配置源。 Thanks to this welcoming change to previous model you can store your development connection string in simple json file, and your staging and production connection string in environment variables directly on the respective servers.
由于对先前模型的这一受欢迎的更改,您可以将开发连接字符串存储在简单的 json 文件中,并将暂存和生产连接字符串直接存储在相应服务器上的环境变量中。
If you configure your app like this :如果您像这样配置您的应用程序:
var config = new Configuration()
.AddJsonFile("config.json")
.AddEnvironmentVariables();
and there is connection string in both config.json and environment variable then environment source will win.并且在 config.json 和环境变量中都有连接字符串,那么环境源将获胜。
So, store your development connection string in config.json(and freely check in in source control) and production one in environment variable.因此,将您的开发连接字符串存储在 config.json(并在源代码管理中自由检入)并将生产连接字符串存储在环境变量中。 More info here and here .
更多信息在这里和这里。
You want to use the user secrets API in development.您想在开发中使用用户机密 API。 See my example below (Based on ASP.NET 5 Beta 5):
请参阅下面的示例(基于 ASP.NET 5 Beta 5):
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder(
applicationEnvironment.ApplicationBasePath);
// This reads the configuration keys from the secret store. This allows you to store
// connection strings and other sensitive settings on your development environment, so you
// don't have to check them into your source control provider.
if (hostingEnvironment.IsDevelopment())
{
configurationBuilder.AddUserSecrets();
}
IConfiguration configuration = configurationBuilder.Build();
You also have to set the userSecretsId in project.json (See links below).您还必须在 project.json 中设置 userSecretsId(请参阅下面的链接)。 This is a unique ID for your projects secrets and will be needed below when you create a new secret:
这是您的项目机密的唯一 ID,在创建新机密时将在下面用到:
{
"webroot": "wwwroot",
"userSecretsId": "[Your User Secrets ID]",
"version": "1.0.0-*"
...
}
To add/remove/update your user secrets you need to install the secrets manager by running:要添加/删除/更新您的用户机密,您需要通过运行以下命令安装机密管理器:
dnu commands install SecretManager
Then use the secrets manager to actually add/remove/update your settings:然后使用秘密管理器实际添加/删除/更新您的设置:
Usage: user-secret [options] [command]
Options:
-?|-h|--help Show help information
-v|--verbose Verbose output
Commands:
set Sets the user secret to the specified value
help Show help information
remove Removes the specified user secret
list Lists all the application secrets
clear Deletes all the application secrets
Use "user-secret help [command]" for more information about a command.
See this and this documentation for more information.有关更多信息,请参阅此文档和此文档。
I should also note that as of writing (ASP.NET 5 Beta 5), the user secrets are not encrypted!我还应该注意,在撰写本文时(ASP.NET 5 Beta 5),用户机密并未加密! This will change later on.
这将在以后改变。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.