加密App.config / Web.config文件

Question

我滥用Web.config文件作为某些Windows服务exe文件的配置文件，因为该服务主要需要与IIS相同的设置：

Directory.SetCurrentDirectory(AppDomain.CurrentDomain.BaseDirectory);

if (File.Exists("..\\Web.config"))
{
    var path = Path.GetFullPath("..\\Web.config");
    logger.Info("Web.config gefunden in {0}", path);
    AppConfig.Change(path);
}

其他人试图加密部分Web.config文件：

aspnet_regiis -pe connectionStrings -app /ourapp

将原始App.config重命名为Web.config并返回似乎是Microsoft推荐的加密App.config文件的方法：

https://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file

但是，Windows服务无法启动：

  

Anwendung：MyService.exe
  Frameworkversion：v4.0.30319
  Beschreibung：Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet。
  Ausnahmeinformationen：System.Configuration.ConfigurationErrorsException

bei System.Configuration.RsaProtectedConfigurationProvider.ThrowBetterException(Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.GetCryptoServiceProvider(Boolean, Boolean)  
bei System.Configuration.RsaProtectedConfigurationProvider.Decrypt(System.Xml.XmlNode)  
bei System.Configuration.ProtectedConfigurationSection.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider)  
bei System.Configuration.Internal.InternalConfigHost.System.Configuration.Internal.IInternalConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.Internal.DelegatingConfigHost.DecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.RuntimeConfigurationRecord.CallHostDecryptSection(System.String, System.Configuration.ProtectedConfigurationProvider, System.Configuration.ProtectedConfigurationSection)  
bei System.Configuration.BaseConfigurationRecord.DecryptConfigSection(System.Configuration.ConfigXmlReader, System.Configuration.ProtectedConfigurationProvider)  

  

Ausnahmeinformationen：System.Configuration.ConfigurationErrorsException

bei System.Configuration.BaseConfigurationRecord.EvaluateOne(System.String[], System.Configuration.SectionInput, Boolean, System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object)  
bei System.Configuration.BaseConfigurationRecord.Evaluate(System.Configuration.FactoryRecord, System.Configuration.SectionRecord, System.Object, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)  
bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)  
bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.GetSection(System.String)  
bei System.Configuration.ConfigurationManager.get_ConnectionStrings()  
bei MyService.Program.Main(System.String[])  

为什么会这样，我该如何解决？

Answer 1

您需要授予访问RSA容器的权限，该容器已将您的部分加密到您运行服务的帐户。默认情况下（使用您在问题中使用的aspnet_regiis命令），该容器名为＆＃34; NetFrameworkConfigurationKey＆＃34;，因此您需要执行此操作：

aspnet_regiis -pa "NetFrameworkConfigurationKey" "YourServiceAccountHere"