Talking about ASP. NET configuration file encryption

An ASP that was just completed . NET project, when a project is deployed into a production environment, the leader requires that sensitive characters in the configuration files in the project (such as Web. config,App. config) cannot appear, such as database connections, and so on.

The first idea is to write an encryption and decryption algorithm, the values in these configuration files stored in the config file in a cipher , the code in the value of the config file, and then decrypt. This method is directly negated because the code that gets the config value is scattered and difficult to modify.

Looking for information, found that there is a perfect solution, simple, fast, and will not modify any of the code. Let's take a look at what the solution is:

Asp. NET 2.0 provides a protection configuration model to encrypt and decrypt sections information in Web. config. RsaProtectedConfigurationProvider: By default, the RSA public key is encrypted and decrypted.

First, we encrypt and decrypt by executing aspnet_regiis.exe on the Windows command line .

Create a new Websit project in VS, open Web. config and join the database connection string, such as:

Then we follow the steps below to encrypt and decrypt the data connection string

1. Start Menu >> All Programs >>microsoft Visual Studio >> Visual Studio Tools >> Visual Studio 2008 Open Send a command prompt (if windows7, right-click and run as Administrator )

2. In the Command window, enter the command aspnet_regiis.exe-pef "appSettings " "C:\VisualStudio2008\Authorization"

–PEF indicates that the program was established in the form of a file system. The second "AppSettings" is the name of the configuration node you want to encrypt . The third parameter named the physical path of the Web. config.

3. The successful execution of the command displays: encryption is successful.

Now, when you open the Web. config in the program, it will look like this.

We do not have to write any code in the program to decrypt the connection string, because . NET will automatically decrypt for us. If we want to use a connection string, we can call it as usual .

string strconnection = configurationmanager.appsettings["dbconnection"]. ToString ();

If we want to decrypt it, we just need to enter aspnet_regiis.exe-pdf "appSettings " "C:\VisualStudio2008\Authorization" in the VS Command window.

After successful execution, the decryption is displayed successfully.

Then open Web. config and we can see the decrypted string.

Small friends, is not very convenient AH.

Talking about ASP. NET configuration file encryption