当前位置:网站首页>How to Asp.Net Managing sensitive data in core

How to Asp.Net Managing sensitive data in core

2020-12-07 12:46:06 osc_ uwh2aihq

Translation links :https://www.infoworld.com/article/3576292/how-to-work-with-user-secrets-in-asp-net-core.html

In application development , You're bound to have some data that you need to protect in particular , This data is usually very confidential , alive , Don't share with others , This information includes : Database connection string , You'll see , After all, there is userid and password, also OAuth Validation used accesskey,apikey Or configure azure,aws And so on .

When projects are shared with others , This sensitive information is naturally exposed to others , This is usually the result I don't want to see , How to prevent it ?ASP.NET Core One of them is called User Secrets characteristic , It allows sensitive user information to be stored outside the project in a json In file , How to manage this json What about the documents ? You can go through Command line tools Secrets Manager To manage sensitive information , This article is mainly to talk about how to manage this User Secrets.

Add... To the project user secrets

It's very convenient to put user secrets Add to your project , All you need to do is .

  • On the solution manager, select project

  • Right click to select Manage User Secrets.

then Visual Studio 2019 It will automatically open a secrets.json file .

The next in secrets.json Add some sensitive data to .


{
  "ConnectionString""This is a test connection string",
  "APIKey""This is s secret key",
  "AppSettings": {
    "GlobalSettings": {
      "GlobalAccessKey""This is a global access key!"
    }
  }
}


by the way , default secret.json The file path is as follows :


C:\Users\38034\AppData\Roaming\Microsoft\UserSecrets\b87644d3-6898-47e4-8580-b3de15f22b96

Compile the project , Then open the project Of meta file .csproj, You'll find a new one UserSecretsId node , The code is as follows :


<Project Sdk="Microsoft.NET.Sdk.Web">
  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <UserSecretsId>e4f51d14-ddc1-48f4-bb34-84c114e3d6d0</UserSecretsId>
  </PropertyGroup>
</Project>

Use Secret Manager tool Management tools

This Secret Manager tool yes .NET Core A command line management tool in the , Mainly used for management Configuration and sensitive data , In this section, let's look at how to use this gadget .

Generate user secrets

stay cmd Window input the following command :


dotnet user-secrets init

newly added user secrets Content

To see all the current secrets, Enter the following command .


dotnet user-secrets list

The figure below shows some of the things I created earlier key.

Next use set Command to set a sensitive piece of data .


dotnet user-secrets set "AuthorApiKey" "xyz1@3"

visit secret

In order to be able to access with code , It can be used ASP.NET Core Inside Configuration Api,HomeController The code for is as follows :


    public class HomeController : Controller
    {
        private readonly ILogger<HomeController> _logger;
        public HomeController(ILogger<HomeController> logger)
        {
            _logger = logger;
        }
        //Action methods go here - this is done for brevity
    }

Because I need to use Configuration Api To visit , Here I'm going to implement it in the form of dependency injection configuration The injection of , The code is as follows :


    public class HomeController : Controller
    {
        private readonly ILogger<HomeController> _logger;
        private readonly IConfiguration _config;
        public HomeController(ILogger<HomeController> logger,
                              IConfiguration config)
        {
            _logger = logger;
            _config = config;
        }
        //Action methods go here - this is done for brevity
    }

Delete secret

To delete this key, You can use the following command .


dotnet user-secrets remove "AuthorApiKey"

If you want to remove everything key, You can use the following command .


dotnet user-secrets clear

If you want to remove a sublayer from a hierarchy key, have access to : Operator , The code is as follows :


dotnet user-secrets remove "AppSettings:GlobalSettings"

ASP.NET Core Redefining right Configuration Data configuration in , Management and protection , And this one is very ???????? Of  User Secrets, It can be a good alternative to using environment variables before , And it can ensure that there is no more sensitive data in the source code , After all User Secrets It's stored in a folder outside the project , This path has been shown to you before , yes windows One of the User folders .

But there's a drawback here , Stored in User Secrets The data in is in clear text form , Don't be afraid. , I'll discuss some other ways to protect user sensitive data in later articles , for instance :Azure application settings and  Azure key vault.

版权声明
本文为[osc_ uwh2aihq]所创,转载请带上原文链接,感谢
https://chowdera.com/2020/12/202012071236422203.html