简体繁体 English

ASP.NET Core appSettings.json安全

[英]ASP.NET Core appSettings.json security

原文 2017-10-09 11:27:09 6 2 asp.net/ security/ connection-string/ password-encryption/ appsettings

I have an ASP.NET Core 2.0 WebAPI application that has Db ConnectionString in appSettings.json. 我有一个ASP.NET Core 2.0 WebAPI应用程序，其appSettings.json中具有Db ConnectionString。 While in development it has this value: 在开发过程中，它具有以下价值：

"DefaultConnection":"Server=localhost;Database=Tyroll;Trusted_Connection=True;MultipleActiveResultSets=true" “DefaultConnection”： “服务器=本地主机;数据库= Tyroll; Trusted_Connection = TRUE; MultipleActiveResultSets =真”

and only when we publish it to production we change this with appropriate passwords, by using VS 2017 publish profile. 并且只有在将其发布到产品中时，才使用VS 2017发布配置文件使用适当的密码对此进行更改。

So SQL server passwords for are not stored on repository and no problem there. 因此，SQL Server的密码不会存储在存储库中，也不会出现问题。

The file appsettings.json is protected by IIS 文件appsettings.json 受IIS保护
The question I wonder is should this password be somehow 'hidden' even on IIS? 我想知道的问题是，即使在IIS上也应该以某种方式“隐藏”此密码吗？
One reason being additional security, so that SQL credentials are not in plain text in case of breach here. 原因之一是额外的安全性，因此在此情况下，SQL凭据不是纯文本格式。 Another for some authorization scenario where IIS admin should not have directly access to SQL server. 对于某些授权方案，这是另一种方案，其中IIS管理员不应直接访问SQL Server。

I figure it could be encrypted and the app itself will have key for decrypting it. 我认为它可以被加密，并且应用程序本身将具有解密它的密钥。 This would not be 100% secure since in the case of breach on IIS even this key could be reverse engineered from the app, but it would make it more difficult then when it's there in plain text. 这并不是100％安全的，因为即使在IIS遭到破坏的情况下，也可以从应用程序对该键进行逆向工程，但是与纯文本格式相比，这将变得更加困难。

So first question is should I be doing this at all? 因此，第一个问题是我是否应该这样做？

And second if 1.Q is Yes, what would be the best / recommended way to do it? 其次，如果1.Q是，那么最好/推荐的方法是什么？

Is there some built in tool for this in .NetCore2 or VS2017 or IIS, or some other tool? 在.NetCore2或VS2017或IIS中是否有为此内置的工具，或其他一些工具？

Here are some related links: 以下是一些相关链接：

2 个解决方案

I would suggest that you should user Active Directory Integrated security for accessing the database , the App Pool can run under the user account and that particular user account will only have the required access to the database . 我建议您应该使用Active Directory集成安全性来访问数据库，应用程序池可以在用户帐户下运行，并且该特定用户帐户仅具有对数据库的必需访问权限。 This safeguards the user credentials in case of an attack since the password is never exposed. 由于不会泄露密码，因此在受到攻击时可以保护用户凭据。

Solution I implemented is making custom encryption of Password in ConnectionString . 我实现的解决方案是对ConnectionString中的Password进行自定义加密。
But since the App needs to the decrypt it, it is more an Obfuscation. 但是由于应用程序需要对其解密，因此它更加令人困惑。
For encryption I have used AES (using System.Security.Cryptography) and the key is stored: half in connectionString itself and other half hardCoded in the Application. 对于加密，我使用了AES （使用System.Security.Cryptography），并且存储了密钥：一半在connectionString本身中，另一半在应用程序中用hardCoded编码。
In addition regex was used to extract Password from ConnectionString and then was replaced with decrypted string of it. 另外，使用正则表达式从ConnectionString中提取密码，然后将其替换为解密后的字符串。