[英]Asp.net encrypt sqlConnectionString in sessionState
I am using sessionState mode = "SQLServer" in my application.我在我的应用程序中使用 sessionState mode = "SQLServer"。 Is there any way to encrypt the connection string that was passed in web.config?
有没有办法加密在 web.config 中传递的连接字符串?
To encrypt sql server connection between applications you can just add要加密应用程序之间的 sql server 连接,您只需添加
encrypt=true
to the connection string, eg:到连接字符串,例如:
"Server=##.##.##.##,1092;Database=dbname;uid=username;pwd=password;encrypt=true"
To encrypt the string in web.config see how-to-encrypt-connection-string-in-web.config要加密 web.config 中的字符串,请参阅how-to-encrypt-connection-string-in-web.config
I was in the same position and I also couldn't find any answer.我处于同样的位置,我也找不到任何答案。 The accepted answer also doesnt reciprocate the question asked in my opinion.
接受的答案也没有回应我认为提出的问题。 After some research, i did the following to solve the issue and encrypted the
sessionState
node having connectionString
of web.config经过一番研究,我做了以下工作来解决这个问题并加密了具有 web.config 的
connectionString
的sessionState
节点
Encryption:加密:
You can follow the following steps to encrypt a specific section of web.config:您可以按照以下步骤加密 web.config 的特定部分:
Run command prompt as an administrator
以
administrator
身份运行命令提示符
Execute the command:执行命令:
cd C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319
Execute the command:执行命令:
ASPNET_REGIIS -pef "system.web/sessionState" "PhysicalPathOfWebsiteThatHasWebConfigFile"
Decryption:解密:
Similarly if you want to decrypt a specific node in the web.config, follow the same above steps and replace -pef
with -pdf
in the final step and the utility will decrypt the specific node同样,如果你要解密在web.config特定的节点,按照相同的上述步骤并更换
-pef
与-pdf
在最后的步骤和实用程序将解密的特定节点
Explanation about above commands:以上命令说明:
ASPNET_REGIIS
: Taken from official MSDN , You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web configuration file. ASPNET_REGIIS
:取自官方MSDN ,您可以使用 ASP.NET IIS 注册工具 (Aspnet_regiis.exe) 来加密或解密 Web 配置文件的部分。 ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file is processed.处理 Web.config 文件时,ASP.NET 将自动解密加密的配置元素。 And -pef tells that you want to use it for encrypting a specific section in your web.config.
并且 -pef 告诉您要使用它来加密 web.config 中的特定部分。 It serves other purposes as well as explained in the official MSDN
它用于其他目的以及在官方MSDN 中解释
system.web/sessionState
is the specific node that you want to encrypt. system.web/sessionState
是您要加密的特定节点。
PhysicalPathOfWebsiteThatHasWebConfigFile
is the physical path of your application (where web.config is located). PhysicalPathOfWebsiteThatHasWebConfigFile
是应用程序的物理路径(web.config 所在的位置)。 Please do not add an extra '\\' at the end of the path.请不要在路径末尾添加额外的“\\”。
Other Reference Links:其他参考链接:
https://docs.microsoft.com/en-us/previous-versions/aspnet/zhhddkxy(v=vs.100) https://docs.microsoft.com/en-us/previous-versions/aspnet/zhhddkxy(v=vs.100)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.