.net2.0 Webconfig中连接串的加密

网络 2013/6/11 19:47:09

【导读】ASP.NET 2.0 允许用户对配置文件的单个节进行加密本文。通过示例，演示如何以编程方式对配置节进行加密，配置API如何自动处理加密的节。

ASP.NET 2.0 现在允许您对配置文件的单个节进行加密，这样，几乎不可能使用文本编辑器来读取这些配置节。

ASP.NET 包括两个内置的受保护配置提供程序：RSA和DPAPI DPAPI提供程序使用特定于计算机的密钥，因此您必须在每台计算机上实际加密配置设置。默认使用的RSA提供程序允许您选择创建RSA密钥并将其安装在其他计算机上，这样您就可以在这些计算机之间复制相同的配置文件。此外，您还可以安装其他受保护配置提供程序供系统使用。

调用配置管理API可透明地使用加密的节，因为该API自动处理加密和解密。若要通过编程方式将配置节设置为加密的，可获取ConfigurationSection.SectionInformation属性，然后传入您选择的保护提供程序调用ProtectSection方法。若要使用默认提供程序，可以传入null或空字符串。UnprotectSection方法禁用配置节的加密。

下面的示例演示如何以编程方式对配置节进行加密，配置API如何自动处理加密的节。

<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Web.Configuration" %>
<%@ Import Namespace="System.Xml" %>
<script runat="server" language="C#">
public void Page_Load(object source, EventArgs e)
...{
if (!IsPostBack) ...{
UpdateUI();
}
}
void ProtectButton_OnClick(Object source, EventArgs e)
...{
String path = Request.CurrentExecutionFilePath;
path = path.Substring(0, path.LastIndexOf(’/’));
// Get configuration.
Configuration config = WebConfigurationManager.OpenWebConfiguration(path);
ConfigurationSection appSettings = config.GetSection("appSettings");
if (appSettings.SectionInformation.IsProtected)
...{
appSettings.SectionInformation.UnprotectSection();
}
else
...{
appSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
}
try
...{
config.Save();
UpdateUI();
}
catch (Exception ex)
...{
Response.Write("In order to modify configuration settings, the ASP.NET process account
(either the local ASPNET or Network Service account, by default) ");
Response.Write("must have write permission granted for the Web.config file
in the sample directory");
}
}
void UpdateUI()
...{
String path = Request.CurrentExecutionFilePath;
path = path.Substring(0, path.LastIndexOf(’/’));
// Get configuration.
Configuration config = WebConfigurationManager.OpenWebConfiguration(path);
// Show XML for app settings.
ConfigurationSection appSettings = config.GetSection("appSettings");
// Set protect button appropriately.
if (appSettings.SectionInformation.IsProtected)
...{
Encrypted.Text = "Yes";
ProtectButton.Text = "Unprotect";
}
else
...{
Encrypted.Text = "No";
ProtectButton.Text = "Protect";
}
// Show XML for app settings.
AppSettingsXml.Text = " " + Server.HtmlEncode(appSettings.SectionInformation.GetRawXml());
// Load XML directly from config file, to show encrypted XML.
String configPath = Server.MapPath("web.config");
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.Load(configPath);
XmlNode appSettingsXml = doc.SelectSingleNode("configuration/appSettings");
AppSettingsEncrypted.Text = " " + Server.HtmlEncode(appSettingsXml.OuterXml);
}
</script>
<html>
<head>
<title>Encrypted Configuration Sections</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<h2>Encrypted:<asp:Label runat="server" id="Encrypted" /></h2>
<asp:Button runat="server" id="ProtectButton" OnClick="ProtectButton_OnClick" />
<h2>Current XML (decrypted):</h2>
<pre>
<asp:Label runat="server" ID="AppSettingsXml" />
</pre>
<h2>Encrypted contents:</h2>
<pre>
<asp:Label runat="server" ID="AppSettingsEncrypted" />
</pre>
</div>
</form>
</body>
</html>

对应配置文件如下：

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configProtectedData />
<appSettings>
<add key="currencyService" value="http://www.microsoft.com/services/currencyService.asmx" />
<add key="creditCardValidationService" value="http://www.microsoft.com/services/cc.asmx" />
</appSettings>
</configuration>