Web. config encryption and decryption)

Source: Internet
Author: User
Tags connectionstrings

Web. in the config file, we do not want to find some private information, such as passwords, database links, and ASP.. Net configuration API provides encryption and decryption of web. the configuration snippets (sections) in config support. This provides you with great convenience to protect your privacy information (such as passwords. This articleArticle.
There are two methods to encrypt the configuration snippets (sections). Microsoft provides two providers: dpapi (Windows Data Protection API) and RSA provider. The RAS provider is the default value. It uses an RSA key and has a public key and a private key. Dpapi provider uses the machine-compiled standard key (built-in machine-specific key ). Next, let's encrypt the sections in the configuration file using the RSA method.

1: Open Visual Studio> File> website> Select language (C # Or Visual Basic) and create a new Asp.net website.
2: add the Web. config file to the project. Right-click Project> Add new project> Web configuration file.
Open the Web. config file and add the following lines in the <configuration> tag:

< Configuration >
< Appsettings >
< Add key = " Var1 " Value = " Somevalue " />
</ Appsettings >
< Connectionstrings >
< Add name = " Myconnstring " Connectionstring = " Data Source = (local); initial catalog = northwind; Integrated Security = true; "   />
</ Connectionstrings >
< System. Web > ...
</ Configuration >

3: Add two buttons to the page. Name: btnencrypt and btndecrypt. We will use these two buttons to encrypt and decrypt the sections in Web. config. Add the following button click events for the two buttonsCode:

Using System. Data;
Using System. configuration;
Using System. Data. sqlclient;
Using System. Web. configuration;

String Provider =   " Rsaprotectedconfigurationprovider " ;
String Section =   " Connectionstrings " ;
Protected   Void Btnencrypt_click ( Object Sender, eventargs E)
{
Try
{
Configuration confg = Webconfigurationmanager. openwebconfiguration (request. applicationpath );
Configurationsection confstrsect = Confg. getsection (section );
If (Confstrsect ! =   Null )
{
Confstrsect. sectioninformation. protectsection (provider );
Confg. Save ();
}
// The encrypted section is automatically decrypted !!
Response. Write ( " Configuration section "   +   " <B> "   +
Webconfigurationmanager. connectionstrings [ " Myconnstring " ]. Connectionstring +   " </B> "   +   " Is automatically decrypted " );
}
Catch (Exception ex)
{
}
}
Protected   Void Btndecrypt_click ( Object Sender, eventargs E)
{
Try
{
Configuration confg = Webconfigurationmanager. openwebconfiguration (request. applicationpath );
Configurationsection confstrsect = Confg. getsection (section );
If (Confstrsect ! =   Null   && Confstrsect. sectioninformation. isprotected)
{
Confstrsect. sectioninformation. unprotectsection ();
Confg. Save ();
}
}
Catch (Exception ex)
{
}
}

In the above Code, we use the specified virtual path to open the Web. config file and convert it to the system. configuration. Configuration object. Call the getsection () method to obtain the specified configurationsection object, which is connectionstrings. The configurationsection. sectioninformation attribute provides the sectioninformation object for us. Finally, the method for calling the sectioninformation object is protectsection () to encrypt the sections information.
Similarly, when decrypting a section, you only need to call the unprotectsection () method on the sectioninformation object.

 

4: Next we will applyProgramTo open the Web. config file. You will see that the <connectionstring> section has been encrypted as follows:

< Connectionstrings configprotectionprovider = " Rsaprotectedconfigurationprovider " >
< Encrypteddata type = " Http://www.w3.org/2001/04/xmlenc#Element "
Xmlns = " Http://www.w3.org/2001/04/xmlenc # " >
< Encryptionmethod Algorithm = " Http://www.w3.org/2001/04/xmlenc#tripledes-cbc "   />
< Keyinfo xmlns = " Http://www.w3.org/2000/09/xmldsig # " >
< Encryptedkey xmlns = " Http://www.w3.org/2001/04/xmlenc # " >
< Encryptionmethod Algorithm = " Http://www.w3.org/2001/04/xmlenc#rsa-1_5 "   />
< Keyinfo xmlns = " Http://www.w3.org/2000/09/xmldsig # " >
< Keyname > RSA key </ Keyname >
</ Keyinfo >
< Cipherdata >
< Ciphervalue > Zehn7b + Vxbdjte1x3nfz9uz3nqxvjsmmbytlehgnlza4
Bytes
Dmagk5bsjade1xkjbuotdioi / Ron7qjdwxwllc3v
Vmnwgabmj9ru + Rn35toqpznc = </ Ciphervalue >
</ Cipherdata >
</ Encryptedkey >
</ Keyinfo >
< Cipherdata >
< Ciphervalue > Q2amqnwjeyebmxf5pz3xqfbonujksml773mpkisgi6uwcwcdps
0icclmh1eqycsi9flxfvefyryrrugqou2xe + Gd3arzez5irpgfb45fn6m + Te 1, 7kg
Oetk1gjgesbeanjbnwgpcxmh9ria9xvovwllayj3u8dsdq + 4jmm / Ztutxer / 8dl
Ui7 + U8d + 9v4b5twxshp4btomfdtcefhmb19pgdn + Jocget
Wbjiro5cjslxi = </ Ciphervalue >
</ Cipherdata >
</ Encrypteddata >
</ Connectionstrings >

 

5: run the program again and click the "decrypt" button. You will see that the <connectionstrings> section has returned the pre-encryption style and is no longer an unreadable encrypted character.

Tip: It should be noted that, for example, some 'section Groups' such as <system.net> and <mailsettings> cannot be encrypted. Only 'sets' can be encrypted, except for a few parts, such as <configprotecteddata>, <processmodel>, and You can also use the aspnet_regiis.exe command line tool to encrypt the sections in the web. config file.
Encryption:

Aspnet_regiis.exe - WordPress " Connectionstrings "   " C: \ Inetpub \ wwwroot \ yourwebsite " -Prov " Rsaprotectedconfigurationprovider "

Decryption:

Aspnet_regiis.exe - PDF " Connectionstrings "   " C: \ Inetpub \ wwwroot \ yourwebsite "

Although ASP. NET rejects all requests with the. config extension, When you deploy the program to a Web server, the person with the file access permission will have the opportunity to read the sensitive information. ASP. NET provides some easy-to-use methods to protect the configuration section. We should make full use of these methods.

 

 

From: http://pxtfh.blog.163.com/blog/static/12313452009316532501/

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.