Shulou(Shulou.com)06/01 Report--

Today, I would like to talk to you about the sensitive information about how to protect the .NET Core project, which may not be well understood by many people. In order to make you understand better, the editor summarized the following. I hope you can get something from this article.

We almost always have configuration files in our projects, which may store some sensitive information, such as database connection strings, third-party API AppKey and SecretKey, etc.

For open source projects, this sensitive information certainly cannot be submitted to the managed platform along with the source code.

For website applications, most of them are deployed to servers with public IP, and it is not safe for files with sensitive information to be placed in the Web directory.

It is better to store sensitive information files outside the project.

In .NET Core, we can use the Secret Manager tool to manage sensitive information, which can save sensitive information in a secrets.json file, which is not in the project folder, but in another place. For the three operating systems, its location is:

Windows:% APPDATA%/Microsoft/UserSecrets//secrets.json

Linux: ~ / .microsoft/usersecrets//secrets.json

Mac: ~ / .microsoft/usersecrets//secrets.json

A .NET Core application corresponds to a unique UserSecretsId, usually a GUID.

This also limits that every developer must have his or her own UserSecrets folder. Although it is troublesome, it also has an advantage. Is that each developer can develop with sensitive data that is different from other developers. For example, some companies' databases create independent database access accounts for each developer.

You can easily manipulate secrets.json in VS. Right-click the project and select "Manage User Secrets", as shown in the figure:

Edit the open secrets.json file and fill it with sensitive information, such as:

{

"ConnectionString": "server=localhost;database=testdb;uid=root;pwd=123456;"

}

After saving, a UserSecretsId is automatically generated in the .csproj file:

If you do not use VS, you can also manually add UserSecretsId here, and then add or remove configuration items through commands under the project directory, for example:

Dotnet user-secrets set "Foo:ApiKey"123456"

Dotnet user-secrets remove "Foo:ApiKey"

If secrets.json and appsettings.json have the same configuration item, the program will read the value of the former first.

For all configuration items for secrets.json, it is best to keep the corresponding placeholders in appsettings.json, such as:

{

"ConnectionString":

/ / other configurations

}

In this way, the placeholder in appsettings.json can tell other developers that there is such a configuration. This is very useful for open source projects.

Enjoy.

After reading the above, do you have any further understanding of how to protect the sensitive information of the .NET Core project? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.