ConnectionString encryption for Web. config

Original: ConnectionString encryption for Web. config

This article refers to Wayshan's blog, the original address: http://www.cnblogs.com/wayshan/archive/2012/04/09/web_config.html

In the Web. config configuration file, there are some sensitive data that you want to be protected, such as the connection string connectionstring of the database, which is shown by default in clear text, for example:

1 <appSettings>2     <!--database Link--3     <add key="  ConnectionString" value="Data source=127.0.0.1;initial catalog=demo2012; User id=sa;password=123456"/>4   </appSettings>

After encryption, the configuration information becomes:

1<appsettings configprotectionprovider="RsaProtectedConfigurationProvider">2<encrypteddata type="http://www.w3.org/2001/04/xmlenc#Element"3xmlns="http://www.w3.org/2001/04/xmlenc#">4<encryptionmethod algorithm="HTTP://WWW.W3.ORG/2001/04/XMLENC#TRIPLEDES-CBC"/>5<keyinfo xmlns="http://www.w3.org/2000/09/xmldsig#">6<encryptedkey xmlns="http://www.w3.org/2001/04/xmlenc#">7<encryptionmethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>8<keyinfo xmlns="http://www.w3.org/2000/09/xmldsig#">9<keyname>rsa key</keyname>Ten</KeyInfo> One<CipherData> A<ciphervalue>fseeyg/sule0sqtip30msc9a/tuyjsdij3ndlke1igsyu3vo02krhstnblwrsrlffggwp65fujjuj5+ Qipnqnx0thjcajf43prp28u9v1fkxux/t5bxi4rg2rjw6mspluz1saqojjjxi8arcys+83qpcxvjml1un74rlopls6qs=</ciphervalue > -</CipherData> -</EncryptedKey> the</KeyInfo> -<CipherData> -<ciphervalue>0qp07jkmssytmhadatq+rkgcok21xbfh2zvtj4dissstnjhi3czbyw6qfasdpyug/zf+4rwh4anj/ irgavzesyra929zav/rsypr3gqrowt20zr6d7ujufdgbm85kyzrqnxlwhcfeiux5vmjg+g3ouczhids8yvq+ Jjocdqqppv99sj8at2encyjjpkwjpgsf0ibpjmkpnp6motyheemvq==</ciphervalue> -</CipherData> +</EncryptedData> -</appSettings>

So long a string, no one will recognize your database address and login information:)

The operation process is as follows (RsaProtectedConfigurationProvider encryption ):

1: Run cmd, and navigate to C:\WINDOWS\Microsoft.NET\Framework\ v2.0.50727 (can directly run vs2005 command prompt tool, but seemingly vs2010 the default point of framework3.5 there is no aspnet_regiis command, in order to avoid some people can't find, so it is better to direct CMD. ）

2: Run

1 " appSettings " " D:\demo "   //Show" is encrypted configuration section, success! "

Here to notice, D:\demo is the path of the project, can be absolute path, can also be the relative path of the site, the specific method can refer to the help of aspnet_regiis. If you put the Web. config in the D-packing directory, the path is "d:\\". AppSettings is the name of the node to encrypt, or it can be encrypted for a node's child nodes, such as

1 " system.web/authentication " " D:\demo "

After encryption is complete, the use is exactly the same as before encryption, in addition to visually becoming complex strings. Run the parameter-pdf when decrypting, for example:

1 " appSettings " " D:\demo "  //Show" is decrypting the configuration section, success! "

An encrypted string, although it can be used natively, cannot be used directly on another computer (customer site or server). Some configuration is required.

1: Create key container (pc-operation container-exp, exportable)

1 " MyKey " -exp

2: Export the secret key in the container into the XML (PX operation container file, note that there is a space behind d:\\, otherwise you cannot find the file ^ ^)

1 " MyKey " " d:\\ keys.xml " -pri

3: Copy your keys.xml file to the server and import the secret key. (-pi the secret key in the import container)

1 " MyKey " "D:\keys.xml"

4: Assign permissions (ASPNET permissions)

1 " MyKey " " ASPNET "

5: Modify the Web. config file to add:

1<configuration>2<configprotectdata defaultprovider="Myprotectedconfigurationprovider">3<providers>4<add name="Myprotectedconfigurationprovider"Type="System.Configuration.RsaProtectedConfigurationProvider"Cspprovidername=""Usemachinecontainer="true"useoaep="false"Keycontainername="Sharedkeys"/>5</providers>6</configProtectedData>7</configuration>

Complete!

said so much, I am tired you also tired. Is there a simpler way? Yes. The development of the use of clear text, when deployed at the customer site to run aspnet_regiis encryption. (ellipsis)

ConnectionString encryption for Web. config