
Connectionstring Encryption in MVC2 .NET 4.0 app

I have an MVC2 .NET 4.0 app, hosted on TFS 2008 (soon to be TFS 2010) that uses connection strings in web.config to connect to a database on another server. I need to encrypt these connection strings.

As I understand it, I can use aspnet_regiis.exe to encrypt the connectionstring portion of the web.config file, but I have to do it on the deployment machine because the encryption uses the machine name to generate the encryption key.

Now, it seems to me that this represents a problem - every time I deploy my code to the dev server won't it overwrite the web.config file, and need to be re-encrypted? This sort of manual process seems kludgy.

  1. Is my understanding about needing to re-encrypt after deployment correct?

  2. If so, is there some way to automate this process? I don't want to forget this or get a new team member who doesn't know the process and have the connectionstring exposed to the world.

web.config files aren't typically part of a deployment (though Visual Studio 2010 supports configuration file transforms in web application deployment projects). I wouldn't expect that you should be overwriting the web.config when you deploy (because the web.config is where you would place those things that are specific to that machine/environment).

So, encrypt it once, and then don't overwrite it, would be my advice.

Since that isn't available in your situation, it is possible to specify a key when encrypting, so that you can share the encrypted file between machines. By default, the command to encrypt uses the DPAPI to encrypt the section (which is tied to the machine) but you can also use RSA for encryption. More info is available on MSDN in Specifying a Protected Configuration Provider.
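The RSA route mentioned in the answer, scripted so that it can run as a build or deployment step and fail loudly if the section is left in plaintext. This is an added example, not part of the original post; the container name, provider name, account and paths are assumptions, and it assumes aspnet_regiis.exe returns a non-zero exit code on failure.

```powershell
# Added example. Container, provider, account and path names are assumptions.
# Prerequisite: web.config declares the provider that -prov refers to, e.g.
#   <configProtectedData><providers>
#     <add name="SharedRsaProvider" keyContainerName="SharedAppKeys"
#          useMachineContainer="true"
#          type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
#   </providers></configProtectedData>
# Use the Framework64 directory instead when the application pool is 64-bit.
$regiis    = Join-Path $env:windir 'Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe'
$container = 'SharedAppKeys'      # assumed RSA key container name
$provider  = 'SharedRsaProvider'  # assumed provider name, must match web.config

function Invoke-Regiis([string[]]$RegiisArgs) {
    & $regiis $RegiisArgs
    if ($LASTEXITCODE -ne 0) {
        throw "aspnet_regiis $($RegiisArgs[0]) failed with exit code $LASTEXITCODE"
    }
}

# Once, on the machine that owns the key: create an exportable key pair
# and export it, private key included, to an XML file.
function New-SharedKey([string]$KeyFile) {
    Invoke-Regiis '-pc', $container, '-exp'
    Invoke-Regiis '-px', $container, $KeyFile, '-pri'
}

# Once per server: import the key, grant the worker process identity read
# access to the container, then delete the key file from disk.
function Import-SharedKey([string]$KeyFile, [string]$Account) {
    Invoke-Regiis '-pi', $container, $KeyFile
    Invoke-Regiis '-pa', $container, $Account
    Remove-Item -LiteralPath $KeyFile -Force
}

# Every build or deployment: encrypt, then verify the result on disk.
function Protect-ConnectionStrings([string]$SitePath) {
    Invoke-Regiis '-pef', 'connectionStrings', $SitePath, '-prov', $provider
    [xml]$cfg = Get-Content -LiteralPath (Join-Path $SitePath 'web.config')
    $section  = $cfg.configuration.connectionStrings
    if ($section.configProtectionProvider -ne $provider -or -not $section.EncryptedData) {
        throw "connectionStrings in $SitePath is not encrypted with $provider"
    }
}

# Constructed usage (paths and account are placeholders):
#   New-SharedKey 'C:\secure\SharedAppKeys.xml'
#   Import-SharedKey 'C:\secure\SharedAppKeys.xml' 'NT AUTHORITY\NETWORK SERVICE'
#   Protect-ConnectionStrings 'C:\inetpub\MyMvcApp'
```

The exported XML file contains the private key, so move it between machines over a protected channel and keep it out of source control.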
