加密App.config / Web.config文件

时间:2017-11-15 10:54:32

标签: c#

我滥用Web.config文件作为某些Windows服务exe文件的配置文件,因为该服务主要需要与IIS相同的设置:

Directory.SetCurrentDirectory(AppDomain.CurrentDomain.BaseDirectory);

if (File.Exists("..\\Web.config"))
{
    var path = Path.GetFullPath("..\\Web.config");
    logger.Info("Web.config gefunden in {0}", path);
    AppConfig.Change(path);
}

其他人试图加密部分Web.config文件:

aspnet_regiis -pe connectionStrings -app /ourapp

将原始App.config重命名为Web.config并返回似乎是Microsoft推荐的加密App.config文件的方法:

https://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file

但是,Windows服务无法启动:

  

Anwendung:MyService.exe
  Frameworkversion:v4.0.30319
  Beschreibung:Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet。
  Ausnahmeinformationen:System.Configuration.ConfigurationErrorsException 

bei System.Configuration.RsaProtectedConfigurationProvider.ThrowBetterException(Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.GetCryptoServiceProvider(Boolean, Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.Decrypt(System.Xml.XmlNode)  
bei System.Configuration.ProtectedConfigurationSection.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider)  
bei System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.Internal.DelegatingConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.RuntimeConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.DecryptConfigSection(System.Configuration.ConfigXmlReader, System.Configuration.ProtectedConfigurationProvider)
  

Ausnahmeinformationen:System.Configuration.ConfigurationErrorsException 

bei System.Configuration.BaseConfigurationRecord.EvaluateOne(System.String[], System.Configuration.SectionInput, Boolean, System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object)  
bei System.Configuration.BaseConfigurationRecord.Evaluate(System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)  
bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.get_ConnectionStrings()  
bei MyService.Program.Main(System.String[])

为什么会这样,我该如何解决?

1 个答案:

答案 0 :(得分:4)

您需要授予访问RSA容器的权限,该容器已将您的部分加密到您运行服务的帐户。默认情况下(使用您在问题中使用的aspnet_regiis命令),该容器名为" NetFrameworkConfigurationKey",因此您需要执行此操作:

aspnet_regiis -pa "NetFrameworkConfigurationKey" "YourServiceAccountHere"
相关问题
最新问题