问题描述

随着 web.config 的消失，在使用ASP.NET Core构建的Web应用程序的配置中，存储敏感信息（密码，令牌）的首选方法是什么？ ？

有没有一种方法可以自动获取 appsetttings.json 中的加密配置节？

用户机密看起来是存储密码（通常至少在开发期间开发中）存储应用程序机密的好方法。 / p>

检查此或。您还可以检查其他问题。

这只是在开发过程中隐藏您的秘密，并避免将其透露到源代码树中的一种方法；

如果您想将加密的appsettings.json引入生产环境，则可以使用秘密管理器工具对存储的秘密进行加密，因此不应将其视为受信任的存储。对此没有限制。您可以构建自定义配置提供程序。
检查。

例如：

 公共类CustomConfigProvider：ConfigurationProvider，IConfigurationSource 
 {
 public CustomConfigProvider（）
 {
} 
 
公共重写void Load（）
 {
数据= UnencryptMyConfiguration（）; 
} 
 
 private IDictionary< string，string> UnencryptMyConfiguration（）
 {
 //做任何您需要在这里做的事，例如加载文件并通过密钥
解密密钥//类似：
 var configValues = new Dictionary<字符串，字符串> 
 {
 { key1， unencryptedValue1}，
 { key2， unencryptedValue2} 
}; 
返回configValues; 
} 
 
 private IDictionary< string，string> CreateAndSaveDefaultValues（IDictionary< string，string> defaultDictionary）
 {
 var configValues = new Dictionary< string，string> 
 {
 { key1， encryptedValue1}，
 { key2， encryptedValue2} 
}; 
返回configValues; 
} 
 
 public IConfigurationProvider Build（IConfigurationBuilder builder）
 {
 return new CustomConfigProvider（）; 
} 
} 
  

为扩展方法定义一个静态类：

 公共静态类CustomConfigProviderExtensions 
 {
 public static IConfigurationBuilder AddEncryptedProvider（此IConfigurationBuilder构建器）
 {
 return builder.Add（new CustomConfigProvider（））; 
} 
} 
  

然后您可以激活它：

  //设置配置源。 
 var builder = new ConfigurationBuilder（）
 .AddJsonFile（ appsettings.json）
 .AddEncryptedProvider（）
 .AddJsonFile（$ appsettings。{env.EnvironmentName} .json ，可选：true）; 
  

With web.config going away, what is the preferred way to store sensitive info (passwords, tokens) in the configurations of a web app built using ASP.NET Core?

Is there a way to automatically get encrypted configuration sections in appsetttings.json?

User secrets looks like a good solution for storing passwords, and, generally, application secrets, at least during development.

Check this article or this. You can also check this other SO question.

This is just a way to "hide" you secrets during development process and to avoid disclosing them into the source tree; the Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store.

If you want to bring an encrypted appsettings.json to production, there is no limit about that. You can build your custom configuration provider.Check this.

For example:

public class CustomConfigProvider : ConfigurationProvider, IConfigurationSource
{
    public CustomConfigProvider()
    {
    }

    public override void Load()
    {
        Data = UnencryptMyConfiguration();
    }

    private IDictionary<string, string> UnencryptMyConfiguration()
    {
        // do whatever you need to do here, for example load the file and unencrypt key by key
        //Like:
       var configValues = new Dictionary<string, string>
       {
            {"key1", "unencryptedValue1"},
            {"key2", "unencryptedValue2"}
       };
       return configValues;
    }

    private IDictionary<string, string> CreateAndSaveDefaultValues(IDictionary<string, string> defaultDictionary)
    {
        var configValues = new Dictionary<string, string>
        {
            {"key1", "encryptedValue1"},
            {"key2", "encryptedValue2"}
        };
        return configValues;
    }

    public IConfigurationProvider Build(IConfigurationBuilder builder)
    {
       return new CustomConfigProvider();
    }
}

Define a static class for your extension method:

public static class CustomConfigProviderExtensions
{
        public static IConfigurationBuilder AddEncryptedProvider(this IConfigurationBuilder builder)
        {
            return builder.Add(new CustomConfigProvider());
        }
}

And then you can activate it:

// Set up configuration sources.
var builder = new ConfigurationBuilder()
    .AddJsonFile("appsettings.json")
    .AddEncryptedProvider()
    .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

这篇关于ASP.NET Core中的加密配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！