问题
I have the following information in my web.config file.
<appSettings>
<add key="AdminUsername" value="User1"/>
<add key="AdminPassword" value="Password1"/>
</appSettings>
how do I encrypt it and store? how do I decrypt and use?
回答1:
Kindly refer to the article - http://msdn.microsoft.com/en-us/library/k6h9cz8h%28v=vs.80%29.aspx
The command is:
aspnet_regiis.exe -pe "appSettings" -site "MySharePoint" -app "/"
where MySharePoint is a Virtual Directory. The web.config file should be inside the directory too.
回答2:
The drawback of encrypting configuration sections using aspnet_regiis or the equivalent APIs is that it encrypts entire sections.
Good from a security perspective, but it makes it more difficult for an administrator to inspect other non-sensitive configuration data in the same section. appSettings is a section which an administrator will often want to inspect.
One option is to put your credentials in a different section (e.g. create a dummy connection string in the <connectionStrings> section) and encrypt only this section:
<connectionStrings>
...
<add key="AdminCredentials"
providerName=""
connectionString="Username=...;Password=..." />
</connectionStrings>
You will of course have to write code to parse the dummy connection string (String.Split) and extract the credentials. Something like the following (omitting error handling for simplicity):
string s = ConfigurationManager.ConnectionStrings["AdminCredentials"].ConnectionString;
string[] tokens = s.Split(';');
string userName = tokens[0].Split('=')[1];
string password = tokens[1].Split('=')[1];
...
By doing this, you can leave your appSettings section unencrypted.
来源:https://stackoverflow.com/questions/7356537/encrypt-and-store-password-in-web-config-file