Encrypting web.config

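Encrypting and decrypting connection strings in web.config
Encryption:
     In ASP.NET, connection strings in the web.config file are stored in plain text. They typically include the database server name, the database name, the account, and even the password.
To address this, ASP.NET 2.0 supports storing sensitive information such as connection strings in the Web.config file in encrypted form. Open the .NET SDK command prompt and use the command-line tool aspnet_regiis.exe, which is located in the "%systemroot%\Microsoft.NET\Framework\versionNumber" folder. aspnet_regiis.exe is a command-line tool: developers only need to enter commands that follow its simple syntax to encrypt or decrypt connection strings.
  Suppose the Web.config file to be encrypted is in the "D:\website2" folder. The command line is then as follows.
  aspnet_regiis.exe -pef "connectionStrings" "D:\website2"
  The "-pef" parameter encrypts a configuration section located by the absolute file path; "connectionStrings" is the name of the configuration section to encrypt; "D:\website2" is the absolute path of the folder that contains the Web.config file. When encryption finishes, aspnet_regiis.exe reports to the developer that encryption succeeded.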
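Decryption: once the connection strings are encrypted, it is difficult for anyone else to learn their contents without decrypting them.
The decryption command is as follows:
  aspnet_regiis.exe -pdf "connectionStrings" "D:\website2"
Note that encryption uses a key that is bound to the local machine, which means decryption must be performed on the same computer. If the encrypted Web.config file is moved to another computer, the connection strings in it can no longer be decrypted correctly. Note also that encryption is -pef and decryption is -pdf; do not mix them up.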

 

 

You can encrypt and decrypt the data in a configuration file's configuration sections. A configuration section contains the configuration information for an application block. The configuration tool allows you to select from the encryption providers that are included in the Machine.config file. Typically, these are the DataProtectionConfigurationProvider, which uses DPAPI, and the RsaProtectedConfigurationProvider, which uses RSA.

If the encrypted configuration file is going to be on only a single server, you can use the DataProtectionConfigurationProvider. If you want to deploy the same encrypted configuration file on multiple servers in a Web farm, you should use the RsaProtectedConfigurationProvider. This provider makes it easy for you to encrypt the data on one server computer and then export the RSA private key needed to decrypt the data. You can then deploy the configuration file and the exported key to the target servers, and then re-import the keys.

To encrypt a configuration section

  1. Open one of the configuration tools.
  2. Open an existing configuration file or create a new one.
  3. Click the name of the application block whose configuration information you want to encrypt.
  4. In the Properties pane, click ProtectionProvider.
  5. Select either DataProtectionConfigurationProvider or RsaProtectedConfigurationProvider.

All the settings for the providers, such as where keys are stored, are also in the Machine.config file. You cannot change this file with a configuration tool. Instead, you must modify the file using a text editor.

To decrypt a configuration file, simply open it in the configuration tool. The file is automatically decrypted.
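To confirm that the -pef step described earlier actually took effect, and to see which of the two providers protects the section, a deployment check can inspect the file itself. The following is an added example, not code from the original post or from Microsoft; the function name, the credential keywords and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#"
SECRET_HINTS = ("password=", "pwd=")  # assumed keywords for embedded credentials

def _local(tag):
    """Strip an XML namespace so <configuration xmlns=...> files also match."""
    return tag.rsplit("}", 1)[-1]

def audit_section(config_xml, section="connectionStrings"):
    """Return (status, provider) for one configuration section."""
    root = ET.fromstring(config_xml)
    node = next((c for c in root if _local(c.tag) == section), None)
    if node is None:
        return ("missing", None)
    # A protected section names its provider and holds an EncryptedData child.
    provider = node.get("configProtectionProvider")
    encrypted = node.find("{%s}EncryptedData" % XMLENC_NS) is not None
    if provider and encrypted:
        return ("encrypted", provider)
    # Unprotected: check whether any connection string embeds a credential.
    for elem in node.iter():
        value = elem.get("connectionString", "").lower().replace(" ", "")
        if any(hint in value for hint in SECRET_HINTS):
            return ("plaintext-with-credentials", None)
    return ("plaintext", None)

# Constructed sample inputs (not taken from a real site).
PLAIN = """<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=shop;User Id=app;Password=example"/>
  </connectionStrings>
</configuration>"""

PROTECTED = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

if __name__ == "__main__":
    for label, doc in (("before -pef", PLAIN), ("after -pef", PROTECTED)):
        print(label, audit_section(doc))
```

A result of "plaintext-with-credentials" in a release build is the condition the encryption step is meant to eliminate; the provider name in the "encrypted" result tells you whether the file is expected to decrypt on other servers.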

posted @ 2014-02-27 11:32  Blues_