我想使用我的Facebook客户端机密,使用IIS在本地运行我的ASP.NET MVC网站.我还想使Facebook客户端的秘密不受源代码控制.我将所有这些内容发布到Azure,因此在云中运行Web服务器时没有问题.敏感的设置直接进入App Service,并且永远不会被源代码控制看到.
I would like to run my ASP.NET MVC site locally using IIS, using my Facebook client secret. I would also like to keep the Facebook client secret out of source control. I am publishing all this to Azure, so there is no problem when I'm running my web server in the Cloud. Sensitive settings go straight into the App Service, and never get seen by source control.
In principle, keeping the client secret out of source control is easy. I can just add a config source to my app settings in Web.config:
<appSettings configSource="facebookClientSecret.config" />
和我所有的设置都可以进入 facebookClientSecret.config
中,该文件将添加到 .gitignore
and all of my settings can go into facebookClientSecret.config
, which gets added to .gitignore
Therein lies the problem: all of my settings. I don't want to hide all settings from source control: only the sensitive ones.
< appSettings><添加key ="webpages:Version" value =""/><添加key ="webpages:Enabled" value ="false"/>< add key ="ClientValidationEnabled" value ="true"/>< add key ="UnobtrusiveJavaScriptEnabled" value ="true"/>< add configSource ="facebookAppSecret.config"/>< add key ="StorageConnectionString" value ="UseDevelopmentStorage = true"/></appSettings>
But apparently that's "not allowed". Is there a way to have a subset of the app settings sourced from a separate file?
上的 appSettings 上的rel ="nofollow"> file 属性非常合适.
The file attribute on appSettings fits the bill nicely.
<appSettings file="facebookAppSecret.config">
<add key="webpages:Version" value="" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
<add key="StorageConnectionString" value="UseDevelopmentStorage=true" />
设置将从facebookAppSecret.config文件以及< appSettings></appSettings>
Settings will be pulled from the facebookAppSecret.config file as well as the <appSettings></appSettings>
还值得注意的是,该文件的内容应仅包含< appSettings></appSettings>
块(即,它应不包含<?xml version ="1.0" encoding ="utf-8"?>< configuration> ...</configuration>
It's worth noting also that the contents of that file should only contain a <appSettings></appSettings>
block (i.e. it should not contain <?xml version="1.0" encoding="utf-8" ?><configuration>...</configuration>
您将需要调整文件的生成操作(应为内容")和复制到输出目录项目设置(在Visual Studio中右键单击文件)->属性),以便在构建时将该文件包含在输出目录中.
You will need to adjust the Build Action (should be "Content") and Copy To Output Directory project settings for the file (right click on file in Visual Studio -> Properties) so the file is included in the output directory when you build.