gpt4 book ai didi

encryption - 为什么我无法在 Azure (Windows Server 2012) 上使用自定义 configProtectionProvider 加密 web.config/appSettings?

转载 作者:行者123 更新时间:2023-12-04 15:13:06 25 4
gpt4 key购买 nike

我有一个 MVC 应用程序,该应用程序部署到在 Windows Server 2012 虚拟机上运行的 Windows Azure 托管服务。在 web.config 文件中,我有 3 个加密部分 using the PKCS12ProtectedConfigurationProvider :connectionStringsdataCacheClientssystem.net/mailSettings/smtp。相关部分如下所示:

<configuration>
...
<configProtectedData>
<providers>
<add name="CustomProvider" thumbprint="[this is secret]"
type="Pkcs12ProtectedConfigurationProvider.Pkcs12ProtectedConfigurationProvider, PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d" />
</providers>
</configProtectedData>
...
<connectionStrings configProtectionProvider="CustomProvider">
<EncryptedData ... ommitted for brevity
</connectionStrings>
...
<system.net>
<mailSettings>
<smtp configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</smtp>
</mailSettings>
</system.net>
...
<dataCacheClients configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</dataCacheClients>
...
</configuration>

以上所有工作都完美。部署到 Azure 后,连接字符串、SMTP 邮件和数据缓存都可以正常工作。 PKCS12ProtectedConfiguration 提供程序使用我的自定义证书来解密这些部分,一切都很好。

但是我似乎无法使用相同的方法来加密web.config/appSettings。当我尝试将如下内容部署到 Azure 时...

<configuration>
...
<appSettings configProtectionProvider="CustomProvider">
<EncryptedData ommitted for brevity
</appSettings>
...
</configuration>

...然后我得到以下异常:

Server Error in '/' Application.

Configuration Error

Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: An error occurred loading a configuration file: Could not
load file or assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' or one of its dependencies.
The system cannot find the file specified.

Source Error:

Line 41: </EncryptedData>
Line 42: </connectionStrings>
Line 43: <appSettings configProtectionProvider="CustomProvider">
Line 44: <EncryptedData ...>
Line 45: <EncryptionMethod .../>

Source File: E:\sitesroot\0\web.config Line: 43

Assembly Load Trace: The following information can be helpful to determine why
the assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' could not be loaded.

WRN: Assembly binding logging is turned OFF.
To enable assembly bind failure logging, set the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
Note: There is some performance penalty associated with assembly bind failure
logging.
To turn this feature off, remove the registry value
[HKLM\Software\Microsoft\Fusion!EnableLog].

但是我知道 PKCS12ProtectedConfigurationProvider.dll 位于 /bin 文件夹中,因为:

  1. 我远程进入虚拟机并在 approot/binsiteroot/bin 中看到它
  2. 当我在 appSettings 未加密的情况下进行部署时,其他 3 个部分已使用此 dll 成功解密。

就好像程序集加载器在解析并加载 appSettings 部分之前无法查找 PKCS12ProtectedConfigurationProvider.dll 文件。我尝试省略提供程序配置部分的 Version、Culture 和 PublicKeyToken 部分,但错误只是更改为:

Parser Error Message: An error occurred loading a configuration file: Could not 
load file or assembly 'PKCS12ProtectedConfigurationProvider' or one of its
dependencies. The system cannot find the file specified.

部署到 Windows Server 2012 虚拟机上运行的 Windows Azure 托管服务时,是否可以使用自定义 configProtectionProvider 加密 web.config/appSettings如果是这样,我在这里错过了什么?

更新:

发布此内容后,我打开了 Fusion!EnableLog 注册表项,现在我在异常中获得了以下附加信息:

Assembly Load Trace: The following information can be helpful to determine why
the assembly 'PKCS12ProtectedConfigurationProvider, Version=1.0.0.0,
Culture=neutral, PublicKeyToken=34da007ac91f901d' could not be loaded.

=== Pre-bind state information ===
LOG: User = NT AUTHORITY\NETWORK SERVICE
LOG: DisplayName = PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d
(Fully-specified)
LOG: Appbase = file:///d:/windows/system32/inetsrv/
LOG: Initial PrivatePath = NULL
Calling assembly : (Unknown).
===
LOG: This bind starts in default load context.
LOG: No application configuration file found.
LOG: Using host configuration file: D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.config
LOG: Using machine configuration file from D:\Windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.
LOG: Post-policy reference: PKCS12ProtectedConfigurationProvider, Version=1.0.0.0, Culture=neutral, PublicKeyToken=34da007ac91f901d
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider.DLL.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider/PKCS12ProtectedConfigurationProvider.DLL.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider.EXE.
LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvider/PKCS12ProtectedConfigurationProvider.EXE.

这里还有一个问题:为什么 IIS 在 inetsrv 路径中查找此程序集,而不是在应用程序的 /bin 中查找它文件夹?我在日志中看到“找不到应用程序配置文件”。这是否意味着程序集绑定(bind)程序必须找到带有未加密的 appSettings 部分的 web.config 才能解析和加载它?

最佳答案

您是否尝试在角色启动时在 GAC 中安装程序集?

有关在启动时向 gac 添加程序集的信息 http://blogs.infosupport.com/adding-assemblies-to-the-gac-in-windows-azure/

关于encryption - 为什么我无法在 Azure (Windows Server 2012) 上使用自定义 configProtectionProvider 加密 web.config/appSettings?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15067759/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com