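Encrypting the database connection string, or any other section, of web.config from code-behind
Two providers are covered here:
DataProtectionConfigurationProvider and RSAProtectedConfigurationProvider
Code-based approach
Create a new empty web site and add a Web Forms page, WebConfigRSA.aspx.
Example: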
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<h2>使用“DataProtectionConfigurationProvider”</h2>
<h2>对web.config 中 &lt;connectionStrings&gt;&lt;/connectionStrings&gt;节点加密</h2>
<asp:Button ID="btnJiaM" runat="server" Text="Data加密" onclick="btnJiaM_Click" />
<br />
<br />
<asp:Button ID="btnJieM" runat="server" Text="Data解密" onclick="btnJieM_Click" />
</div>
<div>
<h2>使用“RSAProtectedConfigurationProvider”形式来加密</h2>
<h2>对web.config 中 &lt;connectionStrings&gt;&lt;/connectionStrings&gt;节点加密</h2>
<asp:Button ID="btnRsaJiaM" runat="server" Text="RSA加密" OnClick="btnRsaJiaM_Click" />
<br />
<br />
<asp:Button ID="btnRsaJieM" runat="server" Text="RSA解密" OnClick="btnJieM_Click" />
</div>
</form>
</body>
</html>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Web.Configuration;
namespace WebCfProtection
{
public partial class WebConfigRSA : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
/// <summary>
/// Encrypt web.config with DataProtectionConfigurationProvider
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnJiaM_Click(object sender, EventArgs e)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section != null && !section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
config.Save();
}
}
/// <summary>
/// DataProtectionConfigurationProvider
/// RSAProtectedConfigurationProvider
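/// Both providers are decrypted the same way.
/// Note: encryption and decryption must happen on the same machine (for example, a web.config encrypted on the server cannot be decrypted by copying the ciphertext to another machine).
/// Decrypt web.config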
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnJieM_Click(object sender, EventArgs e)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section != null && section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
config.Save();
}
}
/// <summary>
/// Encrypt web.config with RSAProtectedConfigurationProvider
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnRsaJiaM_Click(object sender, EventArgs e)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSection section = config.GetSection("connectionStrings");
if (section != null && !section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection("RSAProtectedConfigurationProvider");
config.Save();
}
}
}
}
web.config
<?xml version="1.0" encoding="utf-8"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings>
<add name="ConnectionString" connectionString="User Id=cxp;Password=cxp123;Data Source=WZ_CXP; pooling=true;min pool size = 2;max pool size = 20;connection lifetime = 20;Persist Security Info=True;"
providerName="Oracle.DataAccess.Client" />
</connectionStrings>
</configuration>
The file after encryption with DataProtectionConfigurationProvider, for comparison
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
<EncryptedData>
<CipherData>
<CipherValue>...</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
The file after encryption with RSAProtectedConfigurationProvider, for comparison
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>wS8zmwLfvJWvu0pWuWdpumwi+pXEBw3j5IQ4ny6JQCkXqeqBX7F89oHxWF2MpThbqb4txIygt9LSmwmDC/ooGW4j+vYjkVV8NxJNOy9D9TJp+G3egSMBiWkZfU95QpPTd/O1cmof2kYtUoIZcUqvk21FJi0/1xLO1ViBhBf4AiQ=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>o+t1yi+NdVU22Mi2ftZ4DXyIdvnrj431T3Ud9UbGPGsLBl2YFTlj1vaj7LhFLSwXdvVpn3ffd1FUfRyevseRAz1M79+walyisRv+7xX+X/OkfbtH4fKhE4cyUR+FeKRArD/bLnRz4G3aBUvBaiWaVtaDrEPD1s4dMdvDBDMd7BSP86fNsoGCUFBMMRBEbTKP3UO5YagvuT5RBE8Hh6I2RrbfT6ZFWXsmCMfoOFcSYiDUbLzWuX02nBzDZJVTMiHoTZqxAbfr4fpXONkO3Fq7Ihj1yZfKlu+cbRtHxrAfp6Ro4tNRrwwo/0xgT4bUaD5q5v8GmbTYcAY/tXxL+ImLwL7vd+syRDxamErrqL+0eP17b4MGj3l82e8ubFPbwKvWR4m/efFuW3IAMQkK185uNw==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
Non-code approach: using the Visual Studio Command Prompt (2010)
Start –> Programs –> Microsoft Visual Studio 2010 –> Visual Studio Tools –> Visual Studio Command Prompt (2010)
Encrypt
aspnet_regiis -pef "connectionStrings" "D:\wzfb"
Decrypt
aspnet_regiis -pdf "connectionStrings" "D:\wzfb"
Using the same web.config as in the example above, the encrypted result has the following format:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>G6d6t1Sxntr8OouOy7CLDVI+sRrvbCUc/04Pn9OruiHrchpg5Q0sxoo96rLLXbg027tOeVhxWWCaSgED6PxoYyvsyrrI2EXbgUd9pxTKxgToKtAXrjjBeJBw4qfxD73S4DHVzM85mifVlG/upT3ASaSzvyOPxH1jdlTklTxCoig=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>5C5imqKACI22LLyLlLyP437QvNnC8A82PgbbdBNGrYWmbNe9hTtplP6iLfhwZvQmjzO+E/laUuYIWcaIhupbqC8GuSjvUekweqHRJRr95iEFXeey8pkm4CzWKJU0cui5+HzUL7nkvZ5+EHX1a1kdgZiGSjVcOwT0XDUiFc1i59vMXWeMkQhGBJ9TkdiwidQMJRiuWh7PQ1JIALv14Fo+L/r2Ikv2CPSU+lJT4npNnHpvkwmfljvKPnDPuKVxgoCk5EftAhbPpvj/60eexN3wWr3Ml9xkP7p0/dACj/LMv9UpoOpGerGuWFVolo0C8io5+Jt6ycUzQ1iQGC1aNNZkTQ6N1E823Hv/v3xOCSYhUbQ05qlKxY8WZjgLv3mIgdZs78LGXUaeYuPCj5xE0GkFbg==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
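The basic conclusion is that the non-code approach (the Visual Studio Command Prompt (2010)) produces the same result as the code-based RSAProtectedConfigurationProvider approach, because aspnet_regiis uses RsaProtectedConfigurationProvider by default when no -prov option is given. (Encryption from the Visual Studio Command Prompt (2010) = RSAProtectedConfigurationProvider encryption.)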
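The three on-disk forms shown above (plain text, DataProtectionConfigurationProvider, RsaProtectedConfigurationProvider) can be told apart without decrypting anything, which is useful as a deployment check. The following Python check is an added example, not code from the original article; the function name audit_section and the three sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "{http://www.w3.org/2001/04/xmlenc#}"  # W3C XML Encryption namespace

def audit_section(config_xml, section="connectionStrings"):
    """Report how one web.config section is stored, without decrypting it."""
    node = ET.fromstring(config_xml).find(section)
    if node is None:
        raise ValueError("section not found: " + section)
    provider = node.get("configProtectionProvider")
    report = {"protected": provider is not None, "provider": provider,
              "algorithms": [], "plaintext_secrets": []}
    if provider:
        # RSA provider output is XML Encryption and names its algorithms;
        # DPAPI provider output is a bare <EncryptedData> with none listed.
        for method in node.iter(XENC + "EncryptionMethod"):
            report["algorithms"].append(method.get("Algorithm", "").rsplit("#", 1)[-1])
        return report
    for add in node.findall("add"):
        parts = add.get("connectionString", "").split(";")
        pairs = [p.split("=", 1) for p in parts if "=" in p]
        if any(k.strip().lower() in ("password", "pwd") and v.strip() for k, v in pairs):
            report["plaintext_secrets"].append(add.get("name"))
    return report

# Constructed samples (not the page's files); cipher values are dummy text.
PLAIN = """<configuration><connectionStrings>
  <add name="ConnectionString" connectionString="User Id=app;Password=constructed;Data Source=DB;" />
</connectionStrings></configuration>"""

DPAPI = """<configuration>
<connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
  <EncryptedData><CipherData><CipherValue>AAAA</CipherValue></CipherData></EncryptedData>
</connectionStrings></configuration>"""

RSA = """<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <CipherData><CipherValue>AAAA</CipherValue></CipherData>
      </EncryptedKey>
    </KeyInfo>
    <CipherData><CipherValue>AAAA</CipherValue></CipherData>
  </EncryptedData>
</connectionStrings></configuration>"""

if __name__ == "__main__":
    for name, doc in (("plain", PLAIN), ("dpapi", DPAPI), ("rsa", RSA)):
        print(name, audit_section(doc))
```

A non-empty plaintext_secrets list on a deployed file means the section was never protected; for the RSA form, the algorithms list shows the data cipher first and the key-wrapping scheme second.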
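Errors and solutions
1. Insufficient permissions after publishing: the NETWORK SERVICE account has no access. Grant NETWORK SERVICE read permission (the convenient shortcut is to grant full control to Everyone, but read access for NETWORK SERVICE is all the fix requires).
2. Command-line encryption or decryption fails because of an inconsistent format or stray spaces.
For example:
Some of the articles in the references write the command as aspnet_regiis.exe, which caused encryption and decryption to fail: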
aspnet_regiis.exe -pef "connectionStrings" "D:\wzfb"
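Later additions:
2017-05-02 addition
A test button was added to the page to check whether the way the connectionStrings section of web.config is read has to change between the unencrypted and the encrypted file.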
<div>
<h2> &lt;connectionStrings&gt;&lt;/connectionStrings&gt;节点加密与未加密获取数据是否成功</h2>
<asp:Label ID="lblDate" runat="server" Text="点击获取数据按钮"></asp:Label>
<br />
<asp:Button ID="btnHqsj" runat="server" Text="获取数据" OnClick="btnGetData_Click" />
</div>
How DbHelperOra reads the ConnectionString entry
public static string connectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
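The test result: whether before or after encryption, the way DbHelperOra reads the ConnectionString entry does not need to change, because the configuration system decrypts protected sections transparently when they are read.
In both cases the database connection succeeds and data is returned. (I wrote this article because, in an old project, I added feature A, which ran normally for a while; after an updated iteration of feature A was deployed it could no longer access the database, so I suspected that web.config encryption was the cause, yet web.config had been encrypted from start to finish. How could only the feature A module fail after the update while all the old features kept working? Everything was normal in the test environment and the problem could not be reproduced.)
2017-05-02 update: the cause was found; specifically: Keyword not supported: “connection timeout”
Resources:
C# Web.Config Encryption and Decryption
C# Web.Config Encryption and Decryption 3 (just download the latest one)
References:
[1] Methods for encrypting and decrypting Web.Config strings in asp.net C#
[2] Encrypting and decrypting web.config with the command-line tool aspnet_regiis.exe
[3] Encrypting web.config with RSAProtectedConfigurationProvider
[4] Encrypting the web.config file with DataProtectionConfigurationProvider
[5] C#: resolving the unrecognized attribute configProtectionProvider
[6] Text comparison
[7] ORA-12154: TNS: could not resolve the connect identifier specified
[8] Configuration error: Failed to decrypt using provider “RsaProtectedConfigurationProvider”. Error message from the provider: The RSA key container could not be opened.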