zoukankan      html  css  js  c++  java
  • 在asp.net加解密连接字符串

    Encrypting/Decrypting Connection String in ASP.Net

    When we use Sql authentication to connect to database it will be better if we encrypt and decrypt the connection string for security purpose because the userid and password are specified in clear text. Even though, users can't access web.config file, it is still not safe because the server admins can still see the userid and password from web.config files. For example, in shared hosting environments. So, it will be better if we encrypt the connection string in web.config file in these scenarios. 

     

    Understanding this need, Microsoft introduced a new technique to encrypt and decrypt the Web.Config sections in Asp.Net 2.0.

     

    ASP.Net 2.0 has 2 providers for encrypting and decrypting config sections, RSA(RSAProtectedConfigurationProvider) and DPAPI(DataProtectionConfigurationProvider)

     

    To encrypt a connection string section,

    protected void btnEncrypt_Click(object sender, EventArgs e)

        {

            Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

            ConfigurationSection section = config.GetSection("connectionStrings");

            if (!section.SectionInformation.IsProtected)

            {

                section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

                config.Save();

            }

        }

     

    To use RSA algorithm, use RSAProtectedConfigurationProvider in the place of DataProtectionConfigurationProvider in the above code snippet.

     

    This is how the connection string section will look like once encrypted,

    <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">

     <EncryptedData>

       <CipherData>

        <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkNndGkx6M06QQFz+

    eH4CEgQAAAACAAAAAAADZgAAqAAAABAAAABnbufC7mjGVvEtpmFPMqb8AA

    AAAASAAACgAAAAEAAAAE/T9z3T5oBv2fMob6hZJsCYAQAAwjp5wFWl7ppY

    zHmMSSQPsIoLGnmlVTIPdcldbx3ZvWQwyr6GWCZPd0PmQG5AGX2XfRqGSazdWgWn

    1vnCV1u67Lfaf5Be4BABIT2SB+gXcjA3MCaqNvK4PICPNk4s662xPIrCycBv+Vl5ug

    TS7zstqVSLhFqAVs7DKNmUoWFSa+6RvtyrdK57Uh4wyP0WdD/doAVByLJjQ8RVKVWm

    IyFmi8iQiACVQPgNOGMKRVuchxpc6fiARnyTuMrQ6ZWS15f2G/vwLg9Q/7QBWOpKh4t

    LOeoFJX/m+l+9sCD1dJ2Jb/orKg2Nh1aUjfjqnkNZG1jY9JUDLhxGOx8tsPP75VlIw

    OqsgNOdojP8BiXJsrDfPhp/BKmV6dgZEvOh2HBkt4x2y0fb9CDlvI/F28lVQGw741If

    0P34UTBVZxbe6ka1075rlbXNSCjd33U+mx2ZNk7PG/c8HK6bql5ILM/sxO0wjUP68F

    wK2s3CadKzaki9eeTiIE9uGnlctq9Chb2f2E1uwnrefd856BzTK8eOGxTTbF8PU9uFp

    Hc1FAAAAMFZTg7MFHHeRLFM9s6ZJ1uBuOkr</CipherValue>

       </CipherData>

     </EncryptedData>

     </connectionStrings>

     

    The connection string can be still accessed in code by regular ways,

    SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["Sql"].ConnectionString);

     

    To see back the original connection string we need to decrypt it.

    To decrypt a connection string section,

      protected void btnDecrypt_Click(object sender, EventArgs e)

        {

            Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);

            ConfigurationSection section = config.GetSection("connectionStrings");

            if (section.SectionInformation.IsProtected)

            {

                section.SectionInformation.UnprotectSection();

                config.Save();

            }

        }

     

     

    引用:http://www.codedigest.com/CodeDigest/107-Encrypting-Decrypting-Connection-String-in-ASP-Net.aspx
  • 相关阅读:
    ASP.NET把客户机IP转换成真实地址(利用纯真 IP 数据库)
    关于分层走班教学的思考
    asp.net jQuery Ajax用户登录功能的实现
    C#判断网络地址 Url 是否存在的方法
    Asp.net获得远程网页源代码
    jQuery Ajax 调用aspx后台方法返回DataTable 的例子
    ASP.NET2.0中将GridView导出为Excel
    利用DataGrid显示某目录下的所有文件
    C#使用存储过程详细
    javascript获取当前日期时间
  • 原文地址:https://www.cnblogs.com/jes_shaw/p/1557735.html
Copyright © 2011-2022 走看看