dan*_*wig 6 encryption web-config appsettings azure windows-server-2012
我有一个MVC应用程序,它部署到运行在Windows Server 2012虚拟机上的Windows Azure托管服务.在web.config文件中,我有3个部分加密的使用PKCS12ProtectedConfigurationProvider:connectionStrings,dataCacheClients,和system.net/mailSettings/smtp.以下是相关部分的外观:
<configuration>
...
<configProtectedData>
<providers>
<add name="CustomProvider" thumbprint="[this is secret]"
type="Pkcs12ProtectedConfigurationProvider.Pkcs12ProtectedConfigurationProvider, PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d" />
</providers>
</configProtectedData>
...
<connectionStrings configProtectionProvider="CustomProvider">
<EncryptedData ... ommitted for brevity
</connectionStrings>
...
<system.net>
<mailSettings>
<smtp configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</smtp>
</mailSettings>
</system.net>
...
<dataCacheClients configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</dataCacheClients>
...
</configuration>
所有上述工作都完美无缺.部署到Azure时,连接字符串,SMTP邮件和数据缓存都可以正常工作.该PKCS12ProtectedConfiguration供应商使用我的自定义证书解密的部分,一切都很好.
但是我似乎无法使用相同的方法进行加密web.config/appSettings.当我尝试将以下内容部署到Azure时...
<configuration>
...
<appSettings configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</appSettings>
...
</configuration>
...然后我得到以下异常:
Server Error in '/' Application.
Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.
Parser Error Message: An error occurred loading a configuration file: Could not
load file or assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' or one of its dependencies.
The system cannot find the file specified.
Source Error:
Line 41: </EncryptedData>
Line 42: </connectionStrings>
Line 43: <appSettings configProtectionProvider="CustomProvider">
Line 44: <EncryptedData ...>
Line 45: <EncryptionMethod .../>
Source File: E:\sitesroot\0\web.config Line: 43
Assembly Load Trace: The following information can be helpful to determine why
the assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' could not be loaded.
WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure
logging.
To turn this feature off, remove the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog].
但是我知道PKCS12ProtectedConfigurationProvider.dll它在/bin文件夹中是因为:
approot/bin和siteroot/binappSettings未加密的部署时,使用此dll成功解密其他3个部分.这几乎就好像程序集加载器PKCS12ProtectedConfigurationProvider.dll在解析并加载该appSettings部分之后才能查找该文件.我已经尝试省略了提供程序配置部分的Version,Culture和PublicKeyToken部分,但之后错误只是更改为:
Parser Error Message: An error occurred loading a configuration file: Could not
load file or assembly 'PKCS12ProtectedConfigurationProvider' or one of its
dependencies. The system cannot find the file specified.
在部署到Windows Server 2012虚拟机上运行的Windows Azure托管服务时,是否可以web.config/appSettings使用自定义进行加密configProtectionProvider?如果是这样,我在这里错过了什么?
发布后我打开了Fusion!EnableLog注册表项,现在我在异常中获得了这些附加信息:
Assembly Load Trace: The following information can be helpful to determine why
the assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' could not be loaded.
=== Pre-bind state information ===
LOG: User = NT AUTHORITY\NETWORK SERVICE
LOG: DisplayName = PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d
(Fully-specified)
LOG: Appbase = file:///d:/windows/system32/inetsrv/
LOG: Initial PrivatePath = NULL
Calling assembly : (Unknown).
===
LOG: This bind starts in default load context.
LOG: No application configuration file found.
LOG: Using host configuration file: D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.config
LOG: Using machine configuration file from D:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider.DLL.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider/PKCS12ProtectedConfigurationProvider.DLL.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider.EXE.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider/PKCS12ProtectedConfigurationProvider.EXE.
所以这是另一个问题:为什么IIS在inetsrv这个程序集的路径中查找而不是在应用程序的/bin文件夹中查找它?我在日志中看到"找不到应用程序配置文件".这是否意味着程序集绑定程序必须找到一个web.config带有未加密的appSettings部分才能解析并加载它?
您是否尝试在角色启动时在GAC中安装程序集?
有关在启动时向gac添加程序集的信息http://blogs.infosupport.com/adding-assemblies-to-the-gac-in-windows-azure/
| 归档时间: |
|
| 查看次数: |
2980 次 |
| 最近记录: |