Shulou(Shulou.com)06/03 Report--

This article will explain in detail how ASP.NET Core keeps secret User Secrets in the development environment. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

Preface

In the process of application development, it is sometimes necessary to keep some confidential information in the code, such as encryption keys, strings, or user names and passwords. The usual practice is to save it to a configuration file, which we would have saved to web.config in the past, but in ASP.NET Core, this approach may have changed, or you have more diversified methods, and more elegant configurations to set or store these confidential information.

At first I thought this UserSecrets was useless, because I could configure it directly into the appsetting.json file where I needed to configure it, but it wasn't until a development process that I felt its real use.

Catalogue

User secret introduction

How to add user Secrets

Use user secrets in an application

Summary

User secret introduction

There are the following scenarios where you can think about how we handled it in the previous code:

You need to save some keys that connect with third-party websites, such as appkey used by Wechat and Weibo sites.

Configure each developer with an unused username and password to access some resources

Developers use their own local databases in the development process, and how to configure database addresses, accounts and passwords

Assuming that the last item is that each developer uses his or her own native database, you might say that everyone should modify their own web.config and not commit the code when they submit it. Then it is obviously unreasonable not to submit the web.config file when adding other configuration items to web.config.

Now, ASP.NET Core provides an elegant and concise way for User Secrets to help us solve this problem.

When you create a new ASP.NET Core Web application, you will see this code in the Startup.cs file:

Public Startup (IHostingEnvironment env) {. If (env.IsDevelopment ()) {builder.AddUserSecrets ();} builder.AddEnvironmentVariables ();}

In the project.json file, you will see some configuration related to User Secrets

{"userSecretsId": "aspnet-WebAppCore-e278c40f-15bd-4c19-9662-541514f02f3e" "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0", "Microsoft.Extensions.SecretManager.Tools": "1.0.0-preview2-final"}

You can see the builder.AddUserSecrets line of code, which runs in the development environment.

UserSecretsId is used to identify the User Secrets uniqueness of a project, and if there are two projects that need to use different Secrets, this requires a different userSecretsId.

Microsoft.Extensions.SecretManager.Tools is mainly used to set or view the value of secrets.

How to add user Secrets

You can use commands on the command line to add:

Image

Switch the command line window to the directory where the program is running, and type dotnet user-secrets-h to view the commands that can be used

Use dotnet user-secrets list to list all user secrets

Use dotnet user-secrets set WeChatAppKey "X3423FEED2435DD" to set a user secret, where WebChatAppKey is the key, followed by the value.

Then use dotnet user-secrets list to view the set key-value pairs.

Then I set up a connection string for the database.

The above is to use the command line to set user secrets, or you can use Visual Studio 2015 instead of the command line to do this.

In Visual Studio, right-click on the Web project to see a menu that manages user secrets:

Image

When you click to open, you will see a secrets.json file containing the key-value pair you just set on the command line:

Image

Some students may ask, since it is stored in secrets.json, where is this file?

Where is the storage location of secrets.json?

In non-Windows systems, it is stored in the

~ / .microsoft/usersecrets//secrets.json

In the Windows system, its location is in

C:\ Users\ user name\ AppData\ Roaming\ Microsoft\ UserSecrets\ aspnet-WebAppCore-e278c40f-15bd-4c19-9662-541514f02f3e

As you can see, the upper folder stored is the value set by userSecretsId in the project.json file.

Use user secrets in an application

To access configured user secrets in your application, you need to ensure that there are dependencies in the project.json file:

Microsoft.Extensions.Configuration.UserSecrets and builder.AddUserSecrets ().

Then access it through the Configuration object in the Startup.cs file

Public IConfigurationRoot Configuration {get;} public void ConfigureServices (IServiceCollection services) {var wechatKey = Configuration ["WeChatAppKey"]}

You can use DI to map user secrets to a C # class file, like this

Secrets.json

{"SecretsKeys": {WeCharAppKey: "xxejfwert3045", WeboAppKey: "35402345lkefgjlkdfg". }}

SecretsKeysConfig.cs

Public class SecretsKeysConfig {public string WeCharAppKey {get; set;} public string WeboAppKey {get; set;} / /.}

Startup.cs

Public void ConfigureServices (IServiceCollection services) {services.Configure (Configuration.GetSection ("SecretsKeys")); / / other code}

HomeController.cs

Public class HomeController: Controller {public SecretsKeysConfig AppConfigs {get;} public HomeController (IOptions appkeys) {AppConfigs = appkeys.Value;}}

Note: if your appsetting.json file has the same node (conflict) configuration item in the secrets.json file, it will be overwritten by the setting item in secrets.json, because builder.AddUserSecrets () is registered later than AddJsonFile ("appsettings.json"), so we can use this feature to reset the database connection string on every developer's machine.

This is the end of the article on "how ASP.NET Core keeps confidential User Secrets in the development environment". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.