C#為配置文件加密的實(shí)現(xiàn)方法

2019-10-29 21:42:43

字體：大中小

供稿：網(wǎng)友

這篇文章主要介紹了C#為配置文件加密的實(shí)現(xiàn)方法,可實(shí)現(xiàn)對(duì)配置文件中的敏感信息進(jìn)行加密,非常具有實(shí)用價(jià)值,需要的朋友可以參考下

本文實(shí)例講述了C#為配置文件加密的實(shí)現(xiàn)方法，分享給大家供大家參考。具體實(shí)現(xiàn)方法如下：

一般來說，在web.config或app.config文件里我們經(jīng)常會(huì)存儲(chǔ)一些敏感信息，比如connectionStrings或者appSettings，比如像下面的文件。

復(fù)制代碼代碼如下:

		<?xml version="1.0"?>
		<configuration>
		    <system.web>
		      <compilation debug="true" targetFramework="4.0" />
		    </system.web>
		    <connectionStrings>
		      <add name="MyNwConnectionString" connectionString="Server=myServerAddress;Database=myDataBase;User Id=myUsername; Password=myPassword;"/>
		    </connectionStrings>
		    <appSettings>
		      <add key="User" value="myUsername"/>
		      <add key="Password" value="myPassword"/>
		    </appSettings>
		</configuration>

復(fù)制代碼代碼如下:

using System;
using System.Configuration;

namespace WebConfigEncryptTest
{
    public partial class WebForm1 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            string user = ConfigurationManager.AppSettings.Get("User");
            string password = ConfigurationManager.AppSettings.Get("Password");
            string connectionString = ConfigurationManager.ConnectionStrings["MyNwConnectionString"].ConnectionString;
        }
    }
}

一、加密文件可以使用的Provider

.NET為我們提供了一個(gè)工具aspnet_regiis.exe來對(duì)web.config文件中的敏感信息進(jìn)行加密（app.config文件可以先改名為web.config，加密后再改回app.config）。你可以使用兩個(gè)provider中的一個(gè)來進(jìn)行加密：

System.Configuration.DPAPIProtectedConfigurationProvider：在System.Configuration.dll中，使用Windows DPAPI（Data Protection API）來進(jìn)行加密，密鑰存在Windows Local Security Authority（LSA）中。

注意：當(dāng)使用DPAPIProtectedConfigurationProvider時(shí)，加密文件所使用的帳號(hào)需要與運(yùn)行web application的帳號(hào)相同，否則web application無法解密加密的內(nèi)容。
System.Configuration.RSAProtectedConfigurationProvider：在System.Configuration.dll中，使用RSA算法來進(jìn)行加密（RSA算法是非對(duì)稱加密，具體可參見前面一篇文章C#對(duì)稱加密與非對(duì)稱加密），公鑰存放在config文件當(dāng)中，只有加密的計(jì)算機(jī)有密鑰。RSAProtectedConfigurationProvider通常是默認(rèn)的缺省provider。

二、加密文件的命令

加密web.config文件可以使用：

復(fù)制代碼代碼如下:

aspnet_regiis -pef section web-app-physical-dir

Encrypt the configuration section. Optional arguments:

[-prov provider] Use this provider to encrypt.

比如運(yùn)行下面的命令就會(huì)分別對(duì)connectionStrings和appSettings中的信息進(jìn)行加密：

復(fù)制代碼代碼如下:

aspnet_regiis.exe -pef "connectionStrings" "C:/myweb/HelloService"

aspnet_regiis.exe -pef "appSettings" "C:/myweb/HelloService"

加密后的web.config文件變成：

復(fù)制代碼代碼如下:

		<?xml version="1.0"?>
		<configuration>
		    <system.web>
		      <compilation targetFramework="4.0" />
		    </system.web>
		    <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
		        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
		            xmlns="http://www.w3.org/2001/04/xmlenc#">
		            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
		            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
		                    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
		                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		                        <KeyName>Rsa Key</KeyName>
		                    </KeyInfo>
		                    <CipherData>
		                        <CipherValue>E2fO9C0TJVxImLYQZza+fCQdDbTpNh/kOKLRsK6zcFjkgtUCl6SnMViuu/2G1NVTxqXyEWYwyK6AiCZA+feeG/AvYvmEEVopVDb0YyGeuJgEI1r8HxTl8Cv+f2EIimP7LJI+JRZVerI4MU6Ke3wxm2S/ATc73/W6eg9808f4/D6J0pp3wND4E79gBiAnBHFYQIefdJYUsmHR9z9LiIqjCllkkj/JB0kso0kGJ9i+iew1Jae5jugIN8gPxsXbCfmw6ru3I3Kbpa8Z5AllfkFA2YKrsuV3c7eLLJ0kB4lsIJIUTy3kRyA4GjdChOmlNwwffIbhwUPPxa25CiF0VAq27Q==</CipherValue>
		                    </CipherData>
		                </EncryptedKey>
		            </KeyInfo>
		            <CipherData>
		                <CipherValue>I1DWG11Iz/rq+NC9C/21B3Q22J9+IexHPH6kkWvQPeHUO6OvOWeQbk3wHALR2ql8pz0gQJFyfTypMk/xSSikFI2Dcy5mgYY3kP73bQQ83ho3O1HPw9TsRtK1G8gmVNGyQLj7iTRcoGfiYYmSibPynv1MzSV1qDXlnVfKiMqKRZ5ZPiMSMc5u3dDEL/JW1oCvAGs5tHrZU5+vgvm0yCmSuCWZbXva+iv9J35EQqs58pq+hwVo1hg1dffdupGCBykaXGl5VX3TIGc=</CipherValue>
		            </CipherData>
		        </EncryptedData>
		    </connectionStrings>
		    <appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
		        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
		            xmlns="http://www.w3.org/2001/04/xmlenc#">
		            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
		            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
		                    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
		                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
		                        <KeyName>Rsa Key</KeyName>
		                    </KeyInfo>
		                    <CipherData>
		                        <CipherValue>WVoFIs8rSEgqKw1C0QCmePs7WK6EIoGCfdx9CTJNmABoVvoEWPnOEQwz/6Ruu0rGwa7q91KuhGILmy4NEN0padnX6FScCdEzP6CS59U3IFumYmTrD7D9ihqFO2aIL/SuBvV3D2kxhHaYGFaPuvYgsyOLf3+aYR3O/uh/k5wZxLoIeKUUrT762J3bdaK6cJWQeuOu4j2vDXEdawdwhlnK12UV8+/AXZNlFW1N3Z0RUVFX1nMSwTaIu8F3tZ9hCFbGwbTm2T0XnfDOcB6dCxCutqC8pXD36laAfiSANzAWoC+Yhf5eFSj24fX0NU6UTQB8fqLyOgWsIMLxZLKVrwnlmg==</CipherValue>
		                    </CipherData>
		                </EncryptedKey>
		            </KeyInfo>
		            <CipherData>
		                <CipherValue>5W2KhG/oETLUDptobcOM52x1qD/g9A0By/wcGXI+fm7EdcD8mT3TxsLVBVcHRBCyUO7OIHl8NyCrduRSYwyd8ggBCriQ5KrbAmW4LXrNnw/JjjCEJWPuRcRucVRfpgap2nHh6BXRXC/AU6v0GcRqy7LV8179PgGtyAa8IE1mV/w=</CipherValue>
		            </CipherData>
		        </EncryptedData>
		    </appSettings>
		</configuration>