简体繁体 English

保护 web.config 设置

[英]Securing web.config settings

原文 2016-06-24 14:37:07 1 4 c#/ asp.net/ asp.net-mvc

We are developing an ASP.NET MVC 5 application.我们正在开发一个 ASP.NET MVC 5 应用程序。 We hired some remote developers to help us with the project.我们聘请了一些远程开发人员来帮助我们完成该项目。

The web.config file contains connection strings and app settings that we don't want to share with these remote developers. web.config 文件包含我们不想与这些远程开发人员共享的连接字符串和应用程序设置。 To work on our application, these developers remote into a development desktop that we control.为了处理我们的应用程序，这些开发人员远程进入我们控制的开发桌面。

What is the best practice for securing sensitive information in web.config, so that developers can still run and debug application but not read the sensitive info in web.config?在 web.config 中保护敏感信息的最佳实践是什么，以便开发人员仍然可以运行和调试应用程序，但不能读取 web.config 中的敏感信息？

4 个解决方案

Encrypting the web.config in a development environment is pointless.在开发环境中加密web.config毫无意义。 The only way to truely hide the information from the developers is not to give it to them in the first place.真正向开发人员隐藏信息的唯一方法是首先不要将其提供给他们。

You must ensure that your "remote development environment" is setup only to access a development database and is configured with other development settings only.您必须确保您的“远程开发环境”仅设置为访问开发数据库，并且仅使用其他开发设置进行配置。
Don't check in any sensitive data (production passwords, etc) into your source control.不要将任何敏感数据（生产密码等）签入您的源代码管理。 You can achieve this by separating the information into external .config files so they are not checked into source control.您可以通过将信息分离到外部.config文件中来实现这一点，这样它们就不会被签入源代码管理。 TIP: Ignore the file with the actual passwords and add another one with the same name and an extension such as .config.example that is checked in to give the developer instructions on how to setup the file on their local system (which is a helpful reminder regardless of who sets up the system from a clone of the source control repository).提示：忽略带有实际密码的文件并添加另一个具有相同名称和扩展名的文件，例如.config.example已签入以向开发人员提供有关如何在其本地系统上设置文件的说明（这很有帮助）提醒无论是谁从源控制存储库的克隆设置系统）。
Use a continuous integration server ( TeamCity , Jenkins , Octopus Deploy , etc) to build sensitive information into the release workflow through environment variables .使用持续集成服务器（ TeamCity 、 Jenkins 、 Octopus Deploy等）通过环境变量将敏感信息构建到发布工作流中。 Many CI servers have the ability to hide sensitive data from the UI .许多 CI 服务器能够在 UI 中隐藏敏感数据。 You can either practice automatic deployment via CI button-click so your developers don't have access to the sensitive data that is in the CI server, or give the deployment artifact(s) to a trusted team to install in production.您可以通过单击 CI 按钮来练习自动部署，这样您的开发人员就无法访问 CI 服务器中的敏感数据，或者将部署工件交给受信任的团队以在生产中安装。

There is really no reason why a developer should even be given a chance to see sensitive production data such as passwords and private keys.真的没有理由让开发人员有机会查看敏感的生产数据，例如密码和私钥。

Like Ingenioushax suggested, the standard way of encrypting sections of web.config is using aspnet_regiis.就像Ingenioushax建议的那样，加密 web.config 部分的标准方法是使用 aspnet_regiis。 Here is a tutorial . 这是一个教程。

How are you deploying your application?你如何部署你的应用程序？

If you use a tool such as Octopus Deploy - that only your onshore team have access to - you can use that to store any sensitive settings.如果您使用Octopus Deploy 之类的工具 - 只有您的陆上团队可以访问 - 您可以使用它来存储任何敏感设置。 These will get inserted into your configuration file during deployment.这些将在部署期间插入到您的配置文件中。

In Octopus Deploy these are known as configuration variables .在 Octopus Deploy 中，这些被称为配置变量。

This assumes that the sensitive settings are for environments other than ones that the developers will use themselves (Production and UAT, for example).这假定敏感的设置是比那些开发者会使用他们自己（生产和UAT，例如）其他环境。

您可以将配置变量存储在环境变量中，并在运行时将它们读入应用程序 - 这更好，因为每个开发人员和环境都可以拥有自己的配置，这些配置永远不会与其他人发生冲突。