打开cmd,进入vs安装目录C:\Windows\Microsoft.NET\Framework64\v4.0.30319
1
|
cd C:\Windows\Microsoft.NET\Framework64\v4.0.30319 |
如果是Web.config就直接加密,是App.config就先改为Web.config才可以进行加密
1
|
aspnet_regiis -pef "节点" "项目路径" |
例如:
需要加密的App.config数据库连接字符串为
1
2
3
|
<connectionStrings> <add name= "connStr" connectionString= "Data Source=.;Initial Catalog=testDB;User ID=sa;Password=123456" /> </connectionStrings> |
加密命令为
1
|
aspnet_regiis -pef "connectionStrings" "Web.config所在目录" |
如加密失败
解决方案:
创建一个可导出的rsa密钥容器,命名为Key
1
|
aspnet_regiis -pc "Key" -exp |
将Web.cofig/App.config的configuration增加属性值xmlns,即改为
1
|
< configuration xmlns = "http://schemas.microsoft.com/.NetConfiguration/v2.0" > |
将数据库连接字符串改为以下:
1
2
3
4
5
6
7
8
9
|
<configProtectedData> <providers> <clear /> <add name= "KeyProvider" type= "System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName= "Key" useMachineContainer= "true" /> </providers> </configProtectedData> <connectionStrings> <add name= "connStr" connectionString= "Data Source=.;Initial Catalog=testDB;User ID=sa;Password=123456;" providerName= "System.Data.SqlClient" /> </connectionStrings> |
开始对配置文件进行加密
1
|
aspnet_regiis -pef "connectionStrings" "Web.config所在目录" -prov "KeyProvider" |
注意:vs会提示是否修改,选择全是
解密配置文件
1
|
aspnet_regiis -pdf "connectionStrings" "Web.config所在目录" |
如果是App.config改成的Web.config,加密成功之后再改为App.config,并删除configuration的属性xmlns值
未加密的Web.config/App.config文件内容:
1
2
3
4
5
6
7
8
9
|
<? xml version = "1.0" encoding = "utf-8" ?> < configuration > < startup > < supportedRuntime version = "v4.0" sku = ".NETFramework,Version=v4.5.2" /> </ startup > < connectionStrings > < add name = "connStr" connectionString = "Data Source=.;Initial Catalog=testDB;User ID=sa;Password=123456" /> </ connectionStrings > </ configuration > |
修改为加密后的Web.config/App.config文件内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
<? xml version = "1.0" encoding = "utf-8" ?> < configuration xmlns = "http://schemas.microsoft.com/.NetConfiguration/v2.0" > < startup > < supportedRuntime version = "v4.0" sku = ".NETFramework,Version=v4.5.2" /> </ startup > < configProtectedData > < providers > < clear /> < add name = "KeyProvider" type = "System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName = "Key" useMachineContainer = "true" /> </ providers > </ configProtectedData > < connectionStrings > < add name = "connStr" connectionString = "Data Source=.;Initial Catalog=testDB;User ID=sa;Password=123456;" providerName = "System.Data.SqlClient" /> </ connectionStrings > </ configuration > |
加密后的Web.config/App.config文件内容:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
<? xml version = "1.0" encoding = "utf-8" ?> < configuration xmlns = "http://schemas.microsoft.com/.NetConfiguration/v2.0" > < startup > < supportedRuntime version = "v4.0" sku = ".NETFramework,Version=v4.5.2" /> </ startup > < configProtectedData > < providers > < clear /> < add name = "KeyProvider" type = "System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0,Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL" keyContainerName = "Key" useMachineContainer = "true" /> </ providers > </ configProtectedData > < connectionStrings configProtectionProvider = "KeyProvider" > < EncryptedData Type = "http://www.w3.org/2001/04/xmlenc#Element" xmlns = "http://www.w3.org/2001/04/xmlenc#" > < EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> < KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#" > < EncryptedKey xmlns = "http://www.w3.org/2001/04/xmlenc#" > < EncryptionMethod Algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> < KeyInfo xmlns = "http://www.w3.org/2000/09/xmldsig#" > < KeyName >Rsa Key</ KeyName > </ KeyInfo > < CipherData > < CipherValue >lSLu2RVnlfr5om5MpBuqyhBETF6dI/glZ3zlfOQvzj+l1YmsOcfGVC1LgrDFcPLEbF/r1IZZYVnQuesz3AeVUkpNCG2OfMWDeaPULtJ5Ay24SYnBR4FNtQQSf1pijelXRGE8pzH7s49RLsKWQuwVTyMrOUoIMcmD4xIPmN/cqpQ=</ CipherValue > </ CipherData > </ EncryptedKey > </ KeyInfo > < CipherData > < CipherValue >deXEhu/mqe+WkD51qXhi9jwBhEurU6EQXBQINOGOyDgpw/W4xTpi3DtTDcEzJXbaHvyKaXLfkPxxljce07ANtN7VXRfDov0Olsq/3+hkYqVXRI5A80XVkOKh2CQaVWx/GJC7JBbbRlKXJvS93M+OQWGKpW0twcZlL1ns97g5w8QstGN6vszAiZw1z6gKXlsrMf9224ExGq+dGJS9BSU+mxaKkd9EAVELMtWv2r7jIXsEneggDR49Mtdu91j1dsDj6am3NcaHmRQ=</ CipherValue > </ CipherData > </ EncryptedData > </ connectionStrings > </ configuration > |
导出密钥容器
1
|
spnet_regiis -px "Key" "d:\Key.xml" |
注意:加上-pri参数为导出公钥+私钥
导入密钥容器
1
|
aspnet_regiis -pi "Key" "d:\Key.xml" |
删除密钥容器
1
|
aspnet_regiis -pz "Key" |
注意:删除密钥程序会报错
原文链接:https://www.idaobin.com/archives/1201.html