web.config加密和解密

在asp.net开发过程中，为了更好的维护和修改，有些东西，我们需要把这些东西写到web.config中，但是为了安全考虑，有些敏感信息容易泄漏，比如连接字符串，如果受到黑客攻击，那么是非常危险的，所以对web.config的加密时非常必须的，下面介绍本人常用的两种加密解密方法：

第一种方式通过DESCryptoServiceProvider类加密

public class EnDeCrypt
    {
        private int key="longpaissrs";

public int Key
        {
            get { return key; }
            set { key = value; }
        }
       public static string Encrypt(string encryptString)
       {
           byte[] keyBytes = Encoding.UTF8.GetBytes(key.Substring(0, 8));
           byte[] keyIV = keyBytes;
           byte[] inputByteArray = Encoding.UTF8.GetBytes(encryptString);
           DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
           MemoryStream mStream = new MemoryStream();
           CryptoStream cStream = new CryptoStream(mStream, provider.CreateEncryptor(keyBytes, keyIV), CryptoStreamMode.Write);
           cStream.Write(inputByteArray, 0, inputByteArray.Length);
           cStream.FlushFinalBlock();
           return Convert.ToBase64String(mStream.ToArray());
       }
       public static string Decrypt(string decryptString)
       {
           byte[] keyBytes = Encoding.UTF8.GetBytes(key.Substring(0, 8));
           byte[] keyIV = keyBytes;
           byte[] inputByteArray = Convert.FromBase64String(decryptString);
           DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
           MemoryStream mStream = new MemoryStream();
           CryptoStream cStream = new CryptoStream(mStream, provider.CreateDecryptor(keyBytes, keyIV), CryptoStreamMode.Write);
           cStream.Write(inputByteArray, 0, inputByteArray.Length);
           cStream.FlushFinalBlock();
           return Encoding.UTF8.GetString(mStream.ToArray());
       }
    }

这是一个可逆的加密方法，把加过密的字符串放到web.config中，然后在使用的时候，解密就可以了

第二中方法通过SectionInformation类加密和解密

加密

  protected void Button1_Click(object sender, EventArgs e)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if(section!=null && !section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider");
            config.Save();
            Response.Write("<script>alert('加密成功')</script>");
        }
    }

解密

 protected void Button2_Click(object sender, EventArgs e)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if(section!=null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
            Response.Write("<script>alert('解密成功')</script>");
        }
    }

加过密的链接字符串

<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
  <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
   xmlns="http://www.w3.org/2001/04/xmlenc#">
   <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
   <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
     <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
     <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <KeyName>Rsa Key</KeyName>
     </KeyInfo>
     <CipherData>
      <CipherValue>EXjwQ7khs+Dvb4CEiOcPBC4rWPHiJf2iJS/LIM6c7S5HZVhe0WDEUDzqwExZF9O021O1L/Yj5CxLeySu9ncPQ/SAueMW1SfGqqYerrlMQvo8uEeyLslpYKtNqZXrTARUD92xUn503ecFXSSVmfxjDB0E4cB6F3QOwu2gxZ3Jgj8=</CipherValue>
     </CipherData>
    </EncryptedKey>
   </KeyInfo>
   <CipherData>
    <CipherValue>Xpoiujj1SoUPBwgLOnoYuIwVqsjFB30AmOpm2/+Pte0uacvSgVtrvyFPky94JyG5Ztt3fMKfrSJHVrEoeM5vTlK6xHh8bWiXirg2UOBeJK9I+n9Dga3VwNBWkOmWqPMvxM4rH7S84hRttRRp/Mr6qle+D2RAnIgMgzeJk4fQa1+Pnci97EdxcfOWrnmFV9lZXcJXYtEpvQVgnOce2Y+KDV3+gUboAo/d</CipherValue>
   </CipherData>
  </EncryptedData>
 </connectionStrings>

这两种方法的区别在与一个可逆，使用的时候需要解密，一个不用解密，asp.net可自动解密，还可以通过其他加密方式，如asp.net_regiis.exe工具或其他的加密方法，在这里就不说了！