I am looking for a p开发者_Go百科roven approach for management of configuration file (app.config and web.config) and its contents for .NET applications. The objectives are:
- Keep the file's content encrypted to eliminate unwanted change by unauthorised way.
- Have a user interface to change tags, values for particular sections
- Manage which sections are editable
Please let me know approaches taken by you or any standard tool/utility or pattern for the same.
Really curious about your use case. I would consider taking your configuration that needs securing elsewhere. Creating your own separate configuration manager or at least a separate file might make this use case easier.
You can edit some web.config values from IIS management console. Editing tags will typically break your application? What would you look for in an editor that say Notepad.exe can't provide?
You could secure the ASP.NET applications files on the file system, only allowing a specific user or user group access to the web application's files. You will need to configure IIS to run as a user that has appropriate permissions in that case.
Windows file system has some encryption features that you could use to supplement this (no experience with it).
You can also consider just encrypting some relevant value strings in the web.config itself and not the whole file.
精彩评论