加密、解密web.config文件(针对某些要加密的字段加密、解密)
2008-08-27 15:24
429 查看
1. Description:[/b]
The we put user name and password directly in web.config. if
the hacker attacked the web site, these important information will be unsafe.
So we should encrypt important information to keep mind. Even the hacker
attacked the web site, we can stop it to affect our database any more.
2. What we need to do is:[/b]
Before encrypted:
What we need to do:
3. Methods:[/b]
There are two different ways to fulfill this:
3.1. Use default RSA secret key
container.
3.2. Custom our own RSA secret key container, but in this way, we need to set
access privileges.
4. Steps[/b]
4.1 First, let’s do default setting.[/b]
4.1.1.
Open one notepad, and copy this code in it and save it.
Save it as “my.aspx” into your web site and run it. It will
shows “ NT AUTHORITY/NETWORK SERVICE ”
4.1.2.
(Key) run “cmd”, and execute these orders:
Description:
NetFrameworkConfigurationKey
is RsaProtectedConfigurationProvider’s default provider key。
4.1.3. Now, let’s encrypt web.config, run:
Description:
"connectionStrings" is
what we want to encrypt,"/Myweb"
is web site path.
Decrypt:
4.1.4. Then you can use it in your code without decrypting:
4.2 Of course, we can custom our own RSA secret key container.[/b]
4.2.1. Create
our own secret key container “MyKeys”, run:
4.2.2. In web.config, put these code in it:
To identify the provider which it is.
4.2.3. This is different with default secret key container; we need to set
access privilege for our own customed provider.
4.2.4. Now, you can encrypt your web.config:
Encrypt:
Description:
"connectionStrings" is what we want to encrypt,"/Myweb" is web site
path. "MyProvider" is our own customed container.
Decrypt:
The we put user name and password directly in web.config. if
the hacker attacked the web site, these important information will be unsafe.
So we should encrypt important information to keep mind. Even the hacker
attacked the web site, we can stop it to affect our database any more.
2. What we need to do is:[/b]
Before encrypted:
<connectionStrings> <add name="Pubs" connectionString="Server=localhost;Integrated Security=True;Database=Pubs" providerName="System.Data.SqlClient" /> <add name="Northwind" connectionString="Server=localhost;Integrated Security=True;Database=Northwind" providerName="System.Data.SqlClient" /> </connectionStrings> |
<connectionStrings> <EncryptedData> <CipherData> <CipherValue>AQAAANCMndjHoAw...</CipherValue> </CipherData> </EncryptedData> </connectionStrings> |
There are two different ways to fulfill this:
3.1. Use default RSA secret key
container.
3.2. Custom our own RSA secret key container, but in this way, we need to set
access privileges.
4. Steps[/b]
4.1 First, let’s do default setting.[/b]
4.1.1.
Open one notepad, and copy this code in it and save it.
<%@ Page Language="C#" %> <% Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name); %> |
shows “ NT AUTHORITY/NETWORK SERVICE ”
4.1.2.
(Key) run “cmd”, and execute these orders:
cd %windows%/Microsoft.NET/Framework/versionNumber aspnet_regiis -pa "NetFrameworkConfigurationKey" "NT AUTHORITYNETWORK SERVICE" |
NetFrameworkConfigurationKey
is RsaProtectedConfigurationProvider’s default provider key。
4.1.3. Now, let’s encrypt web.config, run:
aspnet_regiis -pe "connectionStrings" -app "/Myweb" |
"connectionStrings" is
what we want to encrypt,"/Myweb"
is web site path.
Decrypt:
aspnet_regiis -pd "connectionStrings" -app "/Myweb" |
... string connstr= ConfigurationManager.ConnectionStrings["myConnstr"].ConnectionString.ToString(); ... |
4.2.1. Create
our own secret key container “MyKeys”, run:
aspnet_regiis -pc "MyKeys" -exp |
<protectedData> <providers> <add name="MyProvider" type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0. 0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d0a3a, processorArchitecture=MSIL" keyContainerName="MyKeys" useMachineContainer="true" /> </providers> </protectedData> |
4.2.3. This is different with default secret key container; we need to set
access privilege for our own customed provider.
aspnet_regiis -pa "MyKeys" "NT AUTHORITYNETWORK SERVICE" |
4.2.4. Now, you can encrypt your web.config:
Encrypt:
aspnet_regiis -pe "connectionStrings" -app "/Myweb" -prov "MyProvider" |
"connectionStrings" is what we want to encrypt,"/Myweb" is web site
path. "MyProvider" is our own customed container.
Decrypt:
aspnet_regiis -pd "connectionStrings" -app "/Myweb" -prov "MyProvider" |
相关文章推荐
- ASP.NET 2.0加密解密Web.config配置文件
- Web.config配置文件的加密,解密及读写操作
- c# web.config 配置文件的加密与解密,aspnet_regiis.exe
- web.config文件中配置节的加密与解密
- 加密和解密web.config文件中的数据库连接串
- c# web.config 配置文件的加密与解密,aspnet_regiis.exe
- web.config文件中节点加密解密
- C# web.config 配置文件的加密与解密,aspnet_regiis
- PetShop 4.0知识点:加密和解密Web.config文件的配置节
- PetShop 4.0知识点:加密和解密Web.config文件的配置节
- ASP.NET 2.0加密Web.config 配置文件
- Web.config加密和解密
- ASP.NET 2.0加密Web.config 配置文件
- asp.net 2.0 中加密web.config 文件中的配置节
- 配置文件(Web.Config)加密解密详细说明
- ASP.NET 2.0加密Web.config 配置文件
- 使用exe程序加密解密,web.config时出错 ”Unable to save config to file...."
- web.config文件加密-ASP.NET
- DataProtectionConfigurationProvider加密web.config文件
- asp.net 2.0 中加密web.config 文件中的配置节