I need to keep access settings to different web pages inside of my asp.net application. These settings are logins and passwords for those pages. Is it safe enough to keep them in web.config in section??
Yes, you COULD keep log in information and passwords in your web.config and you can protect those sections by encrypting them. I don't know if that's the most suitable place to do so, but given your description I'll assume that it is the best solution for your case.
Here is a robust way to implement encryption: What is the proper method for encrypting ASP.NET connetionStrings?
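    // Requires: using System.Configuration; using System.Web.Configuration;
    // Both methods are meant to live in a Page (they use Request).

    // Encrypts the named section in the application's web.config
    // with the given protected-configuration provider.
    private void ProtectSection(string sectionName, string provider)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection(sectionName);

        // Only encrypt a section that exists and is still in plaintext.
        if (section != null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(provider);
            config.Save();
        }
    }

    // Decrypts the named section and writes it back in plaintext.
    private void UnProtectSection(string sectionName)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection(sectionName);

        // Only decrypt a section that exists and is currently encrypted.
        if (section != null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }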
So to protect the settings you just call the ProtectSection method with the section you wish to protect and the protection provider of your choice (usually DataProtectionConfigurationProvider or RSAProtectedConfigurationProvider):

    ProtectSection("appSettings", "DataProtectionConfigurationProvider");

To un-protect a section you call the UnProtectSection method with the section you want to unprotect:

    UnProtectSection("appSettings");
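
An added example, not part of the original answer: a small C# check that reads a web.config and reports which top-level sections are actually stored encrypted, so a deployment step can confirm that ProtectSection was applied. It relies on the on-disk form of a protected section (a `configProtectionProvider` attribute plus an `EncryptedData` child); the `ConfigAudit` class, the `Audit` method and the sample XML are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class ConfigAudit
{
    // Constructed sample: appSettings was protected, connectionStrings was not.
    const string Sample = @"<configuration>
  <appSettings configProtectionProvider=""DataProtectionConfigurationProvider"">
    <EncryptedData><CipherData><CipherValue>AQAA...constructed...</CipherValue></CipherData></EncryptedData>
  </appSettings>
  <connectionStrings>
    <add name=""Db"" connectionString=""Server=db;User Id=app;Password=example"" />
  </connectionStrings>
</configuration>";

    // Returns section name -> provider name, or null when the section is plaintext.
    public static Dictionary<string, string> Audit(string xml, params string[] sections)
    {
        XElement root = XDocument.Parse(xml).Root;
        var result = new Dictionary<string, string>();
        foreach (string name in sections)
        {
            XElement section = root.Element(name);
            if (section == null) continue;   // section not present in this file
            string provider = (string)section.Attribute("configProtectionProvider");
            // The RSA provider puts EncryptedData in the xmlenc namespace, so match on local name.
            bool hasCipher = section.Elements().Any(e => e.Name.LocalName == "EncryptedData");
            result[name] = (provider != null && hasCipher) ? provider : null;
        }
        return result;
    }

    static int Main()
    {
        var report = Audit(Sample, "appSettings", "connectionStrings");
        foreach (var entry in report)
            Console.WriteLine("{0}: {1}", entry.Key, entry.Value ?? "PLAINTEXT");
        // Non-zero exit code lets a deployment step fail on plaintext sections.
        return report.Values.Any(v => v == null) ? 1 : 0;
    }
}
```

To audit a real file, pass `File.ReadAllText(path)` to `Audit` instead of the embedded sample.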