在asp.net中使用加密數(shù)據(jù)庫(kù)聯(lián)接字符串保證數(shù)據(jù)安全

    在我們發(fā)布網(wǎng)站時(shí),加密web.config,這樣可以有效保證數(shù)據(jù)庫(kù)用戶(hù)和密碼安全,其步驟如下:
    1.添加密鑰
    執(zhí)行:C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pc "hnlaw" -exp
    其中"hnlaw"為密鑰名稱(chēng)
    2.添加web.config節(jié)點(diǎn)
    在web.config的<configuration></configuration>之間添加:
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    <configProtectedData>
    <providers>
    <add keyContainerName="hnlaw" useMachineContainer="true" description="Uses RsaCryptoServiceProvider to encrypt and
    decrypt" name="hnlaw" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0,
    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
    </configProtectedData>
    注意:這里keyContainerName="hnlaw"和name="hnlaw"分別表示你的密鑰名稱(chēng);
    3.加密web.config
    到網(wǎng)站根目錄添加一個(gè)批處理文件enweb.bat,內(nèi)容如下:
    代碼如下:
    @echo off
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "system.web/identity" "E:\HS Studio\Donet2\Hnlawyer" -prov
    "hnlaw"
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "connectionStrings" "E:\HS Studio\Donet2\Hnlawyer" -prov
    "hnlaw"
    PAUSE
    注冊(cè)上面的的路徑和名稱(chēng)!
    運(yùn)行后出現(xiàn)成功!
    4.解密
    同樣到網(wǎng)站根目錄添加一個(gè)批處理文件deweb.bat,內(nèi)容如下:
    代碼如下:
    @echo off
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pef "system.web/identity" "E:\HS Studio\Donet2\Hnlawyer"
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -pdf "connectionStrings" "E:\HS Studio\Donet2\Hnlawyer"
    PAUSE
    最后就是要注意:做完后找到C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys目錄下,找到生成
    的密鑰文件(可按時(shí)間查找),給上network service可讀取權(quán)限,不然會(huì)出現(xiàn)Error message from the provider: The RSA key container could
    not be opened.
    無(wú)法讀取
    這樣可能會(huì)出現(xiàn),如果沒(méi)有自己的服務(wù)器,沒(méi)有權(quán)限修改MachineKeys目錄,不知道還有其它解決辦法,希望大家共享一下 :)