Home > Developer > ASP

ASP. NET 2.0 encrypts the Web. config configuration file

Source: Internet
Author: User
Tags connectionstrings
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

You can use protected configurations to encrypt sensitive information (including user names and passwords, database connection strings, and encryption keys) in the Web application configuration file (such as the Web. config file ). After the configuration information is encrypted, even if attackers obtain access to the configuration file, attackers cannot obtain access to sensitive information, thus improving application security.

Encrypt the database connection string of the Application of asp.net 2.0. For example, an unencrypted configuration file may contain a section specifying the connection string used to connect to the database, as shown in the following example:

 

<Configuration>

 

<ConnectionStrings>

<Add name = "SampleSqlServer" connectionString = "Data Source = localhost; Integrated Security = SSPI; Initial Catalog = Northwind;"/>

</ConnectionStrings>

</Configuration>

ASP. NET 2.0 has a new security feature. Any configuration section in the Web. config file can be encrypted. You can run the aspnet_regiis tool or program to complete this work. If you can directly access your Web server, you can run the following command line:

 

Cd % windows % \ Microsoft. NET \ Framework \ versionNumber

 

Aspnet_regiis-pe "connectionStrings"-app "/SampleApplication"-prov RsaProtectedConfigurationProvider

 

-Pd section

Decrypts the configuration section. This parameter uses the following optional parameters:

 

·-The app virtualPath specifies that decryption should be performed at the included path level.

 

·-Location subPath specifies the subdirectory to be decrypted.

 

·-Pkm specifies that the Machine. config file should be decrypted instead of the Web. config file.

 

-Pdf section webApplicationDirectory

Decrypts the specified configuration section of the Web. config file in the specified physical (non-virtual) directory.

 

-Pe section

Encrypts the specified configuration section. This parameter uses the following optional modifier:

 

·-Prov provider specifies the encryption provider to be used.

 

·-App virtualPath indicates that encryption should be performed at the included path level.

 

·-Location subPath specifies the subdirectory to be encrypted.

 

-Pkm specifies that the Machine. config file should be encrypted instead of the Web. config file.

 

-Wordpress section webApplicationDirectory

Encrypts the specified configuration section of the Web. config file in the specified physical (non-virtual) directory.

 

 

If you are using a virtual host or other server that cannot access the physical server, you can still encrypt the connection string through programming:

 

1 Configuration config = Configuration. GetWebConfiguration (Request. ApplicationPath );

2 ConfigurationSection section = config. Sections ["connectionStrings"];

3 section. SectionInformation. ProtectSection ("RsaProtectedConfigurationProvider ");;

4 config. Update ();

Currently, the configuration files encrypted with protected configurations do not display the connection strings in plaintext, but store them in encrypted format, as shown in the following example:

 

<Configuration>

 

<ConnectionStrings configProtectionProvider = "RsaProtectedConfigurationProvider">

<EncryptedData Type = "http://www.w3.org/2001/04/xmlenc#Element"

Xmlns = "http://www.w3.org/2001/04/xmlenc#">

<EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>

<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">

<EncryptedKey xmlns = "http://www.w3.org/2001/04/xmlenc#">

<EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">

<KeyName> RSA Key </KeyName>

</KeyInfo>

<CipherData>

<CipherValue> RXO/zmmy3sR0iOJoF4ooxkFxwelVYpT0riwP2mYpR3FU + r6BPfvsqb384pohivkyNY7Dm4lPgR2bE 9F
7k6TblLVJFvnQu7p7d/yjnhzgHwWKMqb 0 M 0t0Y8DOwogkDDXFxs1UxIhtknc + 2a 7UGtGh6D

I3N572qxdfmGfQc7ZbwNE =

</CipherValue>

</CipherData>

</EncryptedKey>

</KeyInfo>

<CipherData>

<CipherValue> KMNKBuV9nOid8pUvdNLY5I8R7BaEGncjkwYgshW8ClKjrXSM7zeIRmAy/cTaniu8Rfk92KVkEK83
+ UlQd + random

11i + StkBLlHPyyhbnCAsXdz5CaqVuG0obEy2xmnGQ 6G 3Mzr74j4ifxnyvRq7levA2sBR4lhE 5 M 80Cd5yKEJktcPWZYM
99tmy3kyjtmrw/Ws/XO3z9z1b1KohE5Ok/YX1YV0 + Uk4/yuZo0Bjk + rErG505YMfRVtxSJ4ee418

Bytes + TerAee/SiBCrA 8 M /N
9 bpLlRJkUb + URiGLoaj + XHym // fmCclAcveKlba6vKrcbqhEjsnY 2F 522yathc0 + wXUWqif7rSIPhc0 +

MT1hB1SZjd8dmPgtZUyzcL51DoChy + hZ4vLzE =

</CipherValue>

</CipherData>

</EncryptedData>

</ConnectionStrings>

 

For more information, see the related chapter of MSDN: Overview of protected configurations.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to set default page in asp net web config set default page in asp net web config asp net web hosting asp net web asp net file browser asp net file upload asp net configuration in visual studio 2015
Related Article
ASP. NET core combined with consul cluster &docker to rea...
ASP. NET Core SignalR uses a generic hub to gracefully invoke...
ASP. NET Core 2.0 leverages Masstransit integrated RABBITMQ
Integration testing of ASP. NET Core Webapi using Xunit

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More