众所周知,web.config可以存储包括数据库链接在内的众多信息,所以为配置文件加密有时候就显得必要了。
1.加密前的配置文件如下:
Web.config
1 <?xml version="1.0"?>
2
3 <configuration>
4 <connectionStrings>
5 <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
6 providerName="System.Data.SqlClient"/>
7 </connectionStrings>
8 <appSettings>
9 <add key="key1" value="value1"/>
10 <add key="key2" value="value2"/>
11 </appSettings>
12
13 <system.web>
14 <compilation debug="true" targetFramework="4.0"/>
15 <sessionState cookieless="AutoDetect" timeout="30"/>
16 <machineKey validationKey="D61B3C89CB33A2F1422FF158AFF7320E8DB8CB5CDA1742572A487D94018787EF42682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
17 decryptionKey="FBF50941F22D6A3B229EA593F24C41203DA6837F1122EF17"/>
18 </system.web>
19
20 <system.webServer>
21 <modules runAllManagedModulesForAllRequests="true"/>
22 </system.webServer>
23 </configuration>
2.加密
(1)前端源代码
ConfigurationEncryption.aspx
1 <form id="form1" runat="server">
2 <div style="font-family: Calibri">
3 <asp:Label ID="lbSection" runat="server" Text="Choose a section:"></asp:Label>
4 <asp:DropDownList ID="ddlSection" runat="server">
5 <asp:ListItem>connectionStrings</asp:ListItem>
6 <asp:ListItem>appSettings</asp:ListItem>
7 <asp:ListItem>system.web/machineKey</asp:ListItem>
8 <asp:ListItem>system.web/sessionState</asp:ListItem>
9 </asp:DropDownList>
10 <br />
11 <br />
12 <asp:Button ID="btnEncrypt" runat="server" Text="Encrypt it" OnClick="btnEncrypt_Click"
13 Height="30px" Width="120px"/>
14 <asp:Button ID="btnDecrypt" runat="server" Text="Decrypt it" OnClick="btnDecrypt_Click"
15 Height="30px" Width="120px"/>
16 </div>
17 </form>
(2)后台代码
1 private const string provider = "RSAProtectedConfigurationProvider"; //Use RSA Provider to encrypt configuration sections
2
3 protected void Page_Load(object sender, EventArgs e)
4 {
5
6 }
7
8 protected void btnEncrypt_Click(object sender, EventArgs e)
9 {
10 if (string.IsNullOrEmpty(this.ddlSection.SelectedValue))
11 {
12 Response.Write("please select a configuration section");
13 //选择要加密的配置节点
14 return;
15 }
16 //获取加密的配置节点
17 string sectionString = this.ddlSection.SelectedValue;
18 //使用指定的虚拟路径将 Web 应用程序配置文件作为 System.Configuration.Configuration 对象打开以允许读或写操作。
19 Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
20 ConfigurationSection section = config.GetSection(sectionString);
21 if (section != null)
22 { //标记配置节点,进行保护
23 section.SectionInformation.ProtectSection(provider);
24 config.Save();
25 Response.Write("encrypt successed, please check the configuration file.");
26 }
27 }
28
29 protected void btnDecrypt_Click(object sender, EventArgs e)
30 {
31 string sectionString = this.ddlSection.SelectedValue;
32
33 Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
34 ConfigurationSection section = config.GetSection(sectionString);
35 if (section != null && section.SectionInformation.IsProtected)
36 {
37 // 从关联的配置节中移除受保护的配置加密。
38 section.SectionInformation.UnprotectSection();
39 config.Save();
40 Response.Write("decrypt success, please check the configuration file.");
41 }
42
43 }
(3)加密后的效果
<?xml version="1.0"?>
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>im7ZLO/++t/Iu7rVXYj7J0WvUH0cry6YgZXyY9FKE47TLBggiJPrSn+kVKBGPzSygH92ompVIhPWhJtqsTGJhdKuxRlQA5SrASmEvlB7ANo3chLoZOQbTzRyiCNFk3jOF7uoUykyFIqDPDZO9Tw9tW+iJ3LUYEhWyhOuz66GgQs=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>mCgroKV5diU9GnjPG7vNEBwtRLdA3h5P8NwkVFkUuS8jnV36dhJH0turxsHRQRFSIpxWQYOXz91yxEwuifCSfT2LBSw9ggE2gO/V1Ju/q/J+lfqFdHs2j1mXPbaiD4kXmcT+2i6UB+Cl8+ML0F+G6pru0ztoFAMS2otQovS8npFaGrNvv078wkYbfOPhIrjSHftgdBES48VXgcnILfFtGeF7BHAW1a36pInc9KWBA6H64orVuIRSGxTzZPxhaRrgsCANJbKRu3NX3q3o4vIfbQ4ugkrix9qG9UK4tcnhq5ytukEAaUJQe19Zb5onfDM54vG+Bd2Cggxs84Ie738LY/5qT8Gz0lS+</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
<appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>Jb0l7McUq/QKBTtPJ75KALSPOchDYkOMxYqqSVVUGg9OEQ0reea1eU7lr4tL7XgYP+llKFD+/i1PCL0mWXUqSCVzK9aVWsjTcyQEGLRrBF0YXYwq3TOyn+Egl/ENxtAabCGcStimDs2SQOjPCkuD3k3uRXI/0+wXNNXAPRftXZ8=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>5/GgaNoruJPElBuKbq+ro5PlqcBECu7p1+3s+G3WzO5AGacgxDOJQvfQ6O33kEL3CLezhJ2/Nvzbq75lvvbnfSjCYXKcKVsk2LJADM5XAg61/U1v+0Ov1XlQ9WQKdyaepmTV5ccGRuHp94U4+JuJE/eXw2vJabkf</CipherValue>
</CipherData>
</EncryptedData>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<sessionState configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>K+G4c3VQgg7LtKZUuA5TS5h9Y8DWwdtudONFC9cgywGxedUEzcmnF0ise4XPv6F0Wx9pT6hwC2C+agHXPmVxupXKuonKXFsWWZ1edCXNzMuhzsoSyNcpkiWvk9lH5sXzHDhqeJbeAi5q5tf7nUKt8uoq5IjVpX/JoHHxmYzWfoM=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>yr+lyfRycdN7BU+uuWv5AF/radmLM2qLgyjgdLEJVurs9KijocEmI6GeoCG6SgIjPukMhY6jieo1LVbuEPb75g==</CipherValue>
</CipherData>
</EncryptedData>
</sessionState>
<machineKey configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>iBNJ6+10cIZr9Cj9KJ8KEpRrQe2L/4KiIR9Vg51NyFURwhYZd4kjV0TeuALhUqtlpDImp4kCg+3X/FKp1dob8DiILTcLYY68JDIcUUgyVVwwijwqVTcDvEucmB+vRQAN7u3ivPrEdDpihjqfOh7GxODjB/PfLD5MwrAVxQAeqL0=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>Zb9wsQ+U9yPLlduYe7cQtzsXGF9do97y4iGCULOffGU+WgnIUAqVgOjrhTuNSiDnb9MYHXircQIrtkV9mqrqKvR++169uOrqtakZ3oK8ht8G8Qe2hhXv1EmNttGZvVOfsZmShlPXslWfOPDeHDV1oqhe/JEANw41RQ3KXot8eXCZjkdf/xkA5rkdixvtlmh9TleWTbnTq6LzrWwXUZXAR9UXybNE2ijG6ar+5a+05R6sgXEdgqNuV7RoFcbYba/zLffLkTBZ1YNvAbEfekuJTn018zOOX4x6v2bB2X3i7MsW9moROs0ld3UL0YOuqylS</CipherValue>
</CipherData>
</EncryptedData>
</machineKey>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>