Extreme ASP.NET: Keeping Secrets in ASP.NET 2.0

摘要

Storing data securely in a configuration system is not an easy problem to solve. While I was on the ASP.NET team, this particular feature, secure connection string storage, looked as if it wouldn't get done. A whole host of problems surrounding it, such as key storage, were in the way. The good news is that not only was it eventually completed, but it has become part of the powerful new set of APIs in ASP.NET 2.0 that allow you to manage the ASP .NET configuration file programmatically.Before diving into ASP.NET 2.0, though, let's take a look at the problem and various solutions in ASP.NET 1 .x. If you have used ASP .NET for any time at all, you are no doubt aware of the recommendation to store shared settings in the web.config file.