Introduction to ASP. NET configuration file encryption and asp.net configuration file

Introduction to ASP. NET configuration file encryption and asp.net configuration file

In an ASP. in the. NET project, when the project is deployed to the production environment, the Leader asks the configuration file (such as web. config, app. config.

The first method is to write an encryption and decryption algorithm to save the values in these configuration files in the config file as ciphertext, then decrypt it. This method is directly denied, because in the Code, the config values obtained are scattered and it is difficult to modify them one by one.

I found a perfect solution, which is simple, fast, and does not modify any code. Let's take a look at the solution:

ASP. NET 2.0 provides a protection configuration model to encrypt and decrypt the sections information in web. config. RSAProtectedConfigurationProvider: encryption and decryption are performed by default using the RSA public key.

First, execute aspnet_regiis.exe in the Windows command line to encrypt and decrypt data.

Create a new websit project in VS, open web. config, and add a database connection string, such:

 

Then, follow these steps to encrypt and decrypt the data connection string.

 

1. Start Menu> All Programs> Microsoft visual studio 2008> Visual Studio Tools> Visual Studio 2008 developer command prompt (if it is Windows 7, right-click and run it as Administrator)

2. In the command window, enter the command aspnet_regiis.exe-Arg "etettings" C: \ VisualStudio2008 \ Authorization"

-Running the "& lt; & gt. The second "deleettings" is the name of the configuration node you want to encrypt. The third parameter indicates the physical path of web. config.

3. After the command is successfully executed, the message "encryption successful" is displayed.

Now, open the web. config in the program, and the image will look like this.

 

We do not write any code in the program to decrypt the connection string, because. NET will automatically decrypt the connection string for us. If we want to use a connection string, we can call it as usual.

string strconnection = ConfigurationManager.AppSettings["dbconnection"].ToString();

 

If you want to decrypt the file, enter aspnet_regiis.exe-pdf "etettings" C: \ VisualStudio2008 \ Authorization "in the vscommand window"

After successful execution, the decryption is successful.

Open web. config, and we can see the decrypted string.

Friends, is it very convenient.