webConfig 加密与解密
2013-04-26 17:24
519 查看
//========加密前的webConfig:=========
<?xml version="1.0"?>
<!--
有关如何配置 ASP.NET 应用程序的详细信息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<!--连接字符串-->
<add name="connStr" connectionString="Data Source=.;Initial Catalog=test;Persist Security Info=True;User ID=sa;pwd=123456" />
</connectionStrings>
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="false"/>
</appSettings>
</configuration>
新建一个类类名为PubConstans:
using System.Web;
namespace logicDAL.Dal.Base
{
public class PubConstans
{
/// <summary>
/// 获取webConfig里的连接字符串
/// </summary>
/// <returns></returns>
public static string ConnStr
{
get
{
// 此节点判断是否要加解密
string connEncrypt = ConfigurationManager.AppSettings["ConStringEncrypt"];
if (connEncrypt.ToLower() == "true") // 加密
Encrypt(); // 调用加密方法
else if (connEncrypt.ToLower() == "false") // 解密
Decrypt(); // 调用解密方法
// 返回最终连接字符串
string _connStr = ConfigurationManager.ConnectionStrings["Connstr"].ConnectionString;
return _connStr;
}
}
/// <summary>
/// 加密
/// </summary>
/// <param name="text"></param>
/// <returns></returns>
public static void Encrypt()
{
// Configuration对象
Configuration configuration = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);
// 获取配置节点
ConfigurationSection section = configuration.GetSection("connectionStrings");
// 判断节点是否等于空 (没有被加密时执行)
if (section != null && !section.SectionInformation.IsProtected)
{
// 保护所指定的节点
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
// 保存
configuration.Save();
}
}
/// <summary>
/// 解密
/// </summary>
/// <param name="Text"></param>
/// <returns></returns>
public static void Decrypt()
{
Configuration configuration = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);
ConfigurationSection section = configuration.GetSection("connectionStrings");
if (section != null && section.SectionInformation.IsProtected)
{
// 移除保护指定的节点
section.SectionInformation.UnprotectSection();
configuration.Save();
}
}
}
}
//====================
通过以上操作如果想把连接字符串加密就把value值改为true否则改为false
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="false"/>
</appSettings>
调用连接字符串:
新建一个类如DBhelper在里面写:
// 定义一个SqlConnection 属性,并返回一个connection连接
public static SqlConnection connection;
public static SqlConnection Connection
{
// 设置一个get访问器
get
{
string strConn = PubConstans.ConnStr; // 调用PubConstans类的连接字符串
if (connection == null)
{
connection = new SqlConnection(strConn);
connection.Open();
}
else if (connection.State == ConnectionState.Broken)
{
connection.Close();
connection.Open();
}
else if (connection.State == ConnectionState.Closed)
{
connection.Open();
}
return connection;
}
}
//==webConfig加密后:===========
<?xml version="1.0"?>
<!--
有关如何配置 ASP.NET 应用程序的详细信息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>Stptf03AwHGQLf1XEV17qJQuUAVLY42DK47wYeeh89lyqhx6XHFZqjOPhP0kJTqbAby5+x6fLxUKabbNe5AFMrqUYBGbM3KS+2a5dqRWUWSsvSokLCRbmHs9uidm5z+BkzCrn87huOsL2ciahgklhJG8bjJxYIUBdDq7vgQv2iA=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>0zfe3lsmvZSzM/Chzl4i9ABQvYW9r/Ps7tA7aHkmWeDERFJqAF9MxB4EqGxi1Gpqoq87z+ogH3l18wuhqry2v3NoHzKpvR5GANyGgbOu0PqQf06HKn2Qyny6P1D+Y68qBpWRpDwyg5xTi1/xYGk0/V3hmTBbqzZKGakGeHJP+ZbI7XGEgFXFOHwBD1joRW0lVFwiCv4vhTQL+6xi6+nyrNUPmXHt8FhioR4ZMcM4IMgAu2grnHmN5QRmxJUxjOTq9m9Sdn3wz/BXyN+rHwvyZqKadpBNNTCOJW63jMVEVgs7+W9z9XSyS1xnouDnTNj1j+Vl9GoU9nXCP8/crd1t6ItydLxdRuHDmQPyOZVVDZTw18fZaWB4lsMGeLy0j17n2EFCXy7jNhRTe02BSZmo4CwxvVZVkCrSf1nVu5MFcU4sVeL1fKuZQAmJppp4ukEQT6N5qYJf9ETry8xIaNAUOXrtuWWBpFXn0RfPJVKtgZJAjSjuFdL1nqE5KPSBxdKpXVbVGr56xWo=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="true"/>
</appSettings>
</configration>
说明:在webConfig加密的情况下调用连接字符串不需要先解密,因为微软已经把这部分工作帮我们做了。之所以要解密就是在项目上线前你看着连接字符串不方便或者上线后想要更改连接字符串,那就要先解密才能更改,。
<?xml version="1.0"?>
<!--
有关如何配置 ASP.NET 应用程序的详细信息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
<!--连接字符串-->
<add name="connStr" connectionString="Data Source=.;Initial Catalog=test;Persist Security Info=True;User ID=sa;pwd=123456" />
</connectionStrings>
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="false"/>
</appSettings>
</configuration>
新建一个类类名为PubConstans:
using System.Web;
namespace logicDAL.Dal.Base
{
public class PubConstans
{
/// <summary>
/// 获取webConfig里的连接字符串
/// </summary>
/// <returns></returns>
public static string ConnStr
{
get
{
// 此节点判断是否要加解密
string connEncrypt = ConfigurationManager.AppSettings["ConStringEncrypt"];
if (connEncrypt.ToLower() == "true") // 加密
Encrypt(); // 调用加密方法
else if (connEncrypt.ToLower() == "false") // 解密
Decrypt(); // 调用解密方法
// 返回最终连接字符串
string _connStr = ConfigurationManager.ConnectionStrings["Connstr"].ConnectionString;
return _connStr;
}
}
/// <summary>
/// 加密
/// </summary>
/// <param name="text"></param>
/// <returns></returns>
public static void Encrypt()
{
// Configuration对象
Configuration configuration = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);
// 获取配置节点
ConfigurationSection section = configuration.GetSection("connectionStrings");
// 判断节点是否等于空 (没有被加密时执行)
if (section != null && !section.SectionInformation.IsProtected)
{
// 保护所指定的节点
section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
// 保存
configuration.Save();
}
}
/// <summary>
/// 解密
/// </summary>
/// <param name="Text"></param>
/// <returns></returns>
public static void Decrypt()
{
Configuration configuration = WebConfigurationManager.OpenWebConfiguration(HttpContext.Current.Request.ApplicationPath);
ConfigurationSection section = configuration.GetSection("connectionStrings");
if (section != null && section.SectionInformation.IsProtected)
{
// 移除保护指定的节点
section.SectionInformation.UnprotectSection();
configuration.Save();
}
}
}
}
//====================
通过以上操作如果想把连接字符串加密就把value值改为true否则改为false
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="false"/>
</appSettings>
调用连接字符串:
新建一个类如DBhelper在里面写:
// 定义一个SqlConnection 属性,并返回一个connection连接
public static SqlConnection connection;
public static SqlConnection Connection
{
// 设置一个get访问器
get
{
string strConn = PubConstans.ConnStr; // 调用PubConstans类的连接字符串
if (connection == null)
{
connection = new SqlConnection(strConn);
connection.Open();
}
else if (connection.State == ConnectionState.Broken)
{
connection.Close();
connection.Open();
}
else if (connection.State == ConnectionState.Closed)
{
connection.Open();
}
return connection;
}
}
//==webConfig加密后:===========
<?xml version="1.0"?>
<!--
有关如何配置 ASP.NET 应用程序的详细信息,请访问
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>Stptf03AwHGQLf1XEV17qJQuUAVLY42DK47wYeeh89lyqhx6XHFZqjOPhP0kJTqbAby5+x6fLxUKabbNe5AFMrqUYBGbM3KS+2a5dqRWUWSsvSokLCRbmHs9uidm5z+BkzCrn87huOsL2ciahgklhJG8bjJxYIUBdDq7vgQv2iA=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>0zfe3lsmvZSzM/Chzl4i9ABQvYW9r/Ps7tA7aHkmWeDERFJqAF9MxB4EqGxi1Gpqoq87z+ogH3l18wuhqry2v3NoHzKpvR5GANyGgbOu0PqQf06HKn2Qyny6P1D+Y68qBpWRpDwyg5xTi1/xYGk0/V3hmTBbqzZKGakGeHJP+ZbI7XGEgFXFOHwBD1joRW0lVFwiCv4vhTQL+6xi6+nyrNUPmXHt8FhioR4ZMcM4IMgAu2grnHmN5QRmxJUxjOTq9m9Sdn3wz/BXyN+rHwvyZqKadpBNNTCOJW63jMVEVgs7+W9z9XSyS1xnouDnTNj1j+Vl9GoU9nXCP8/crd1t6ItydLxdRuHDmQPyOZVVDZTw18fZaWB4lsMGeLy0j17n2EFCXy7jNhRTe02BSZmo4CwxvVZVkCrSf1nVu5MFcU4sVeL1fKuZQAmJppp4ukEQT6N5qYJf9ETry8xIaNAUOXrtuWWBpFXn0RfPJVKtgZJAjSjuFdL1nqE5KPSBxdKpXVbVGr56xWo=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
<appSettings>
<add key="FormPath" value="Forms"/>
<!-- 连接字符串是否加密 -->
<add key="ConStringEncrypt" value="true"/>
</appSettings>
</configration>
说明:在webConfig加密的情况下调用连接字符串不需要先解密,因为微软已经把这部分工作帮我们做了。之所以要解密就是在项目上线前你看着连接字符串不方便或者上线后想要更改连接字符串,那就要先解密才能更改,。
相关文章推荐
- web.config文件中配置节的加密与解密
- Web.Config数据库连接串加密和解密(转载)
- web.config的加密和解密
- ASP.NET温故而知新学习系列之网站安全技术—Web.config加密和解密(一)
- 利用ASP.NET加密和解密Web.config中连接字符串
- asp.net web.config加密解密方法
- c# web.config 配置文件的加密与解密,aspnet_regiis.exe
- ASP.NET 2.0加密解密Web.config配置文件
- 配置文件(Web.Config)加密解密详细说明
- C# web.config 配置文件的加密与解密,aspnet_regiis
- ASP.NET 程序安全性 (一) web.config加密与解密
- Web.config 加密及解密
- asp.net Web.config加密解密
- 加密解密技术—Web.config加密和解密
- WebConfig加密/解密
- web.config加密解密方法
- 加密,解密Web.Config
- asp.net 在webConfig中对某个节点加密和解密
- 命令行工具aspnet_regiis.exe实现加密和解密web.config