Why do we need to encrypt web. config?
Why? The reason is actually based on security considerations.
To put it simply, in asp.net, encrypted web. config can effectively ensure the security of database users and passwords and other important configuration information.
In asp.net, you can use protected configurations to encrypt sensitive information (such as user names, passwords, database connection strings, encryption keys, etc) in web. config)
After the configuration information is encrypted, even if you have obtained access to the configuration file, the attacker cannot obtain access to sensitive information, thus improving application security. How to encrypt web. config?
(The following is only a demonstration of specific project operations)
1. Create a website or webapplication project (E: \ Enconfig \ WebApplication1)
2. Add a new one in web. config.
<ConnectionStrings>
<Add name = "SqlServices" connectionString = "Data Source = localhost; Integrated Security = SSPI; Initial Catalog = Northwind;"/>
</ConnectionStrings>
3. Encrypt connectionStrings as follows:
Use the command line tool regaspnet_iis
(The version number of the Framework is self-selected. Here we select the v2.0.50727 folder)
Cd C: \ WINDOWS \ Microsoft. NET \ Framework \ v2.0.50727
Aspnet_regiis-pe "connectionStrings"-app "/EnConfig/WebApplication1"
If you run the command directly, an error is reported. The error message is as follows:
Encrypting configuration section
A configuration file cannot be created for the requested Configuration object.
Failed!
How can this problem be solved? It's also very simple.
You only need to set the attributes of the E: \ Enconfig folder to web Sharing.
See the figure below: (figure 1)
In this case, the ConectionString in web. config is encrypted.
How can we decrypt it?
* In fact, ASP. NET automatically decrypts the content of the Web. config file.
Therefore, encryption settings can be decrypted without any additional steps for other ASP. NET functions or to access values in the code.
Directly used in the program
ConfigurationManager. ConnectionStrings can get the configuration items and values you want, and so on. Let's Watch it on our own. In this way, let's talk about it.
You only need to change the-pe parameter to-pd. The procedure is as follows:
Aspnet_regiis-pd "connectionStrings"-app "/EnConfig \ WebApplication1"
Operation success information:
Decrypting configuration section
Succeeded!
Figure 1: Set web Sharing
The following is the encrypted ConnectionString:
<ConnectionStrings configProtectionProvider = "RsaProtectedConfigurationProvider">
<EncryptedData Type = "http://www.w3.org/2001/04/xmlenc#Element"
Xmlns = "http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns = "http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#">
<KeyName> Rsa Key </KeyName>
</KeyInfo>
<CipherData>
<CipherValue> lDEPz9sfUaFP26qIsQC3wZd43xr/NOjE3CxcMitgKnnNoa9tLUUjSJVfsvBRnXyGHyKJ0 + Signature = </CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue> encrypt/decrypt/6EMlgkn5KdOb + encrypt + TaDnB4FVy + ddSJrWmJCPRIXFcCPHO03l/decrypt/Q99AtA8FwQY5BmVPvw = </CipherValue>
</CipherData>
</EncryptedData>
</ConnectionStrings>
Figure 3: Automatic aspnet decryption
