When reprinting, please credit the source: "Yang Guo under the bodhi tree" - http://www.cnblogs.com/yjmyzz/archive/2008/08/22/1274395.html
I. Encrypting and decrypting in code

    using System.Configuration;
    using System.Web.Configuration;

    // Encrypt the specified section in web.config
    private void ProtectSection(string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection(sectionName);
        // Only encrypt a section that exists and is not already protected
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            config.Save();
        }
    }

    // Decrypt the specified section in web.config
    private void UnProtectSection(string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection(sectionName);
        // Only decrypt a section that exists and is currently protected
        if (section != null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

Example:

    // Encrypt the connection strings section
    protected void btnEncrypt_Click(object sender, EventArgs e)
    {
        ProtectSection("connectionStrings");
    }
Resulting changes:

Before encryption:

    <connectionStrings>
      <add name="connStr" connectionString="Data Source=server;Initial Catalog=Lib;User ID=sa;password=***"
           providerName="System.Data.SqlClient"/>
    </connectionStrings>

After encryption:

    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
      <EncryptedData>
        <CipherData>
          <CipherValue> AQAAANCMnd8BFdERjHoAwE/Cl + sbaaayzatjjjo 0km/queues/0tpmh7ywaaqaa85nfh133
          Authorization/nT + UvpRp154TNnm04LP/iq1indxepw2teviiooexarx8fly00r
          Authorization/S87co63ioWie8QDVgGuaTEaSyklC9STyvRsLU6A/qxalchy4vorjzno/27 vGoin + c3AJ587wMKJyJBiV08DyzoGM7elAlg8yTAeHv
          Vmloefctuwsc116f2rwhi3fzyuyykczysfhxlexdbj + YRiBxYWP6xzffIdyWzrawxaIfnPq/quit
          OcSfbD2LXX4YP506vHDXw </CipherValue>
        </CipherData>
      </EncryptedData>
    </connectionStrings>

Note:
After encryption, the data can still be read in code exactly as before. The configProtectionProvider="DataProtectionConfigurationProvider" attribute on <connectionStrings> specifies the provider used for decryption, and ASP.NET handles the decryption automatically.
II. Encrypting and decrypting with the aspnet_regiis.exe tool

Steps:

1. First create the RSA key container locally (for more information about RSA, see http://msdn.microsoft.com/zh-cn/library/yxw286t2(VS.80).aspx)

    aspnet_regiis.exe -pc "JimmyKeys" -exp

Note: JimmyKeys is the container name, which can be changed as needed.

2. Export the RSA container to an XML file.

    aspnet_regiis.exe -px "JimmyKeys" "c:\JimmyKeys.xml"

3. Add a <configProtectedData> section to web.config, generally placed before <appSettings>, as shown below:

    <configProtectedData>
      <providers>
        <add name="JimmyRSAProvider"
             type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             keyContainerName="JimmyKeys"
             useMachineContainer="true"/>
      </providers>
    </configProtectedData>
    <appSettings>
    ...

4. Encrypt web.config

    aspnet_regiis.exe -pef "appSettings" "c:\website" -prov "JimmyRSAProvider"

Decryption:

    aspnet_regiis.exe -pdf "appSettings" "c:\website"

5. Deploy to the remote server (one or more servers)

A. Upload the website files and JimmyKeys.xml (the exported RSA container file) to the server and import the RSA container:

    aspnet_regiis.exe -pi "JimmyKeys" "c:\JimmyKeys.xml"

B. Check which account ASP.NET pages run under by default on the server.

    Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name);

Just create an aspx page and paste the line of code above into it. Under IIS5 the output is ASPNET and under IIS6 it is NETWORK SERVICE; I have never tried IIS7 and I don't know what the output is.

C. Grant the default account found in step B read permission on the RSA container.

    aspnet_regiis.exe -pa "JimmyKeys" "network service"
By the way, the commands for these operations can be collected into batch files.

1. Local bat (create the RSA container, export the container, and encrypt web.config)

    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pz "JimmyKeys"
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pc "JimmyKeys" -exp
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -px "JimmyKeys" "c:\JimmyKeys.xml"
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pef "appSettings" "c:\website" -prov "JimmyRSAProvider"

2. Remote server bat (import the RSA container, grant access)

    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pi "JimmyKeys" "c:\JimmyKeys.xml"
    %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -pa "JimmyKeys" "network service"

Before encryption:

    <connectionStrings>
      <add name="connStr" connectionString="Data Source=server;Initial Catalog=Lib;User ID=sa;password=***"
           providerName="System.Data.SqlClient"/>
    </connectionStrings>

After encryption:

    <connectionStrings configProtectionProvider="JimmyRSAProvider">
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                     xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <KeyName>Rsa Key</KeyName>
            </KeyInfo>
            <CipherData>
              <CipherValue> encrypt/decrypt
              /VOIU7KTyFjk = </CipherValue>
            </CipherData>
          </EncryptedKey>
        </KeyInfo>
        <CipherData>
          <CipherValue> c4HD + EfJl // outputs/AwXy/3JECuNEd8YGOO + RDhxw8NySd8vUc53 + iUiHW5TLs/secure + MAmhkiHQ46p
          H2VyjyprNsl8LE2pGNjDOJnDeGYq + wkn2iw968 + signature + eCWE2IqCP + s58eQRjU3MxJ2BqeUU9HaKy4 = </CipherValue>
        </CipherData>
      </EncryptedData>
    </connectionStrings>

Similarly, after encrypting this way, the aspx pages do not need to decrypt anything themselves and the code does not need to be modified.
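
Because pages keep working whether or not a section was actually encrypted, it is worth checking the deployed file itself. The following Python audit is an added example, not code from the original post: it reports, for a web.config using either provider shown above, whether connectionStrings and appSettings are protected. The function names and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (placeholder CipherValue): plaintext connectionStrings, RSA-protected appSettings.
SAMPLE = """<configuration>
  <connectionStrings>
    <add name="connStr" providerName="System.Data.SqlClient"
         connectionString="Data Source=server;User ID=sa;password=CONSTRUCTED"/>
  </connectionStrings>
  <appSettings configProtectionProvider="JimmyRSAProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <CipherData><CipherValue>Q09OU1RSVUNURUQ=</CipherValue></CipherData>
    </EncryptedData>
  </appSettings>
</configuration>"""

def _find(node, name, deep=True):
    # Match on local name: the RSA provider emits the xmlenc namespace,
    # the DPAPI provider output shown above does not.
    pool = node.iter() if deep else iter(node)
    return next((e for e in pool
                 if e is not node and e.tag.rsplit("}", 1)[-1] == name), None)

def audit_section(root, name):
    node = _find(root, name, deep=False)
    if node is None:
        return {"state": "absent"}
    provider = node.get("configProtectionProvider")
    enc = _find(node, "EncryptedData")
    if provider is None and enc is None:
        # Plaintext section: list entries that carry an inline password.
        risky = [c.get("name") or c.get("key") for c in node
                 if any("password" in v.lower() for v in c.attrib.values())]
        return {"state": "plaintext", "entries": len(node), "password_entries": risky}
    cipher = _find(enc, "CipherValue") if enc is not None else None
    if provider is None or cipher is None or not (cipher.text or "").strip():
        return {"state": "inconsistent", "provider": provider}
    method = _find(enc, "EncryptionMethod")
    alg = method.get("Algorithm", "").rsplit("#", 1)[-1] if method is not None else None
    return {"state": "protected", "provider": provider, "algorithm": alg}

def audit_config(xml_text, sections=("connectionStrings", "appSettings")):
    root = ET.fromstring(xml_text)
    return {s: audit_section(root, s) for s in sections}

if __name__ == "__main__":
    for section, result in audit_config(SAMPLE).items():
        print(section, result)
```

A "protected" result only confirms that the encrypted markup is present; it does not prove that the server holds the key container needed to decrypt it.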
Note: not every section can be encrypted. ASP.NET 2.0 supports encryption only for some configuration sections of Web.config. Data in the following configuration sections cannot be encrypted:
• <processModel>
• <runtime>
• <mscorlib>
• <startup>
• <system.runtime.remoting>
• <configProtectedData>
• <satelliteassemblies>
• <cryptographySettings>
• <cryptoNameMapping>
• <cryptoClasses>
For sections other than appSettings and connectionStrings, you can write the command as follows:

    aspnet_regiis.exe -pef "system.serviceModel/behaviors" "d:\website\cntvs"

That is, this encrypts the <behaviors> node under <system.serviceModel>. Such a node can also be encrypted in code. After several attempts, it seems that, apart from appSettings and connectionStrings, only second-level nodes are supported.

For example, the following:

    aspnet_regiis.exe -pef "system.serviceModel/behaviors/endpointBehaviors" "d:\website\cntvs"

reports an error when run:

    The configuration section "system.serviceModel/behaviors/endpointBehaviors" is not found.