两种保护配置提供程序:
1、DataProtectionConfigurationProvider(Windows数据保护API(DPAPI)提供程序)
这个提供程序使用Windows内置的密码学技术来加解密配置节。默认情况下,这个提供程序使用本机的密钥。你还能够使用用户密钥,但是这要求进行一点定制。 DataProtectionConfigurationProvider提供程序使用机器级密钥,这是最简单的方法,因为它不请求创建任何密钥或密钥容器。其消极的一面在于:一个加密的配置文件仅能够用于首先实现加密的web服务器上;而且,使用机器密钥将允许加密的文本能够被web服务器上的任何网站所解密。
用"DataProtectionConfigurationProvider" 参数,加密后,可以不用解密处理,系统依旧能使用原来的连接串正常连接数据库!
2、RSAProtectedConfigurationProvider(RSA保护配置提供程序)
使用RSA公钥加密来加解密配置节。使用这个提供程序,你需要创建存储用于加解密配置信息的公钥和私钥的密钥容器。你能够在一个多服务器场所下使用RSA,这只要创建可输出的密钥容器即可。如果需要的话,你还能够创建自己的保护设置提供程序。
加解密类:
Code
using System;
using System.Configuration;
using System.Web;
using System.Web.Configuration;
namespace Zhigang.Encrypt
{
/**//// <summary>
/// Encrypt web.config section
/// </summary>
public class SectionEncrypt
{
/**//// <summary>
/// Class SectionEncrypt's constructor
/// </summary>
public SectionEncrypt()
{
//
// TODO: Add constructor logic here
//
}
/**//// <summary>
/// Encrypt web.config section
/// </summary>
/// <param name="sectionName">The section name of web.config file </param>
/// <param name="provider">encrypt section</param>
public void EncryptSection(string sectionName, string provider, HttpRequest request)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && !section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection(provider);
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Modified);
}
}
/**//// <summary>
/// deencrypt web.config section
/// </summary>
/// <param name="sectionName">The section name of web.config file </param>
public void DeEncryptSection(string sectionName, HttpRequest request)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Modified);
}
}
}
}
using System;
using System.Configuration;
using System.Web;
using System.Web.Configuration;
namespace Zhigang.Encrypt
{
/**//// <summary>
/// Encrypt web.config section
/// </summary>
public class SectionEncrypt
{
/**//// <summary>
/// Class SectionEncrypt's constructor
/// </summary>
public SectionEncrypt()
{
//
// TODO: Add constructor logic here
//
}
/**//// <summary>
/// Encrypt web.config section
/// </summary>
/// <param name="sectionName">The section name of web.config file </param>
/// <param name="provider">encrypt section</param>
public void EncryptSection(string sectionName, string provider, HttpRequest request)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && !section.SectionInformation.IsProtected)
{
section.SectionInformation.ProtectSection(provider);
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Modified);
}
}
/**//// <summary>
/// deencrypt web.config section
/// </summary>
/// <param name="sectionName">The section name of web.config file </param>
public void DeEncryptSection(string sectionName, HttpRequest request)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(request.ApplicationPath);
ConfigurationSection section = config.GetSection(sectionName);
if (section != null && section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Modified);
}
}
}
}
调用方式:
Code
SectionEncrypt section = new SectionEncrypt();
section.EncryptSection("appSettings", "DataProtectionConfigurationProvider",Page .Request );
SectionEncrypt section = new SectionEncrypt();
section.EncryptSection("appSettings", "DataProtectionConfigurationProvider",Page .Request );