加密 – 为什么我不能使用Azure上的自定义configProtectionProvider加密web.configappSettings(Windows Server 2012)？

概述我有一个MVC应用程序,它部署到运行在 Windows Server 2012虚拟机上的Windows Azure托管服务.在web.config文件中,我有3个部分加密 using the PKCS12ProtectedConfigurationProvider：connectionStrings,dataCacheClients和system.net/mailSettings/smtp.以下是 我有一个MVC应用程序,它部署到运行在 Windows Server 2012虚拟机上的windows Azure托管服务.在web.config文件中,我有3个部分加密 using the PKCS12ProtectedConfigurationProvider：connectionStrings,dataCacheClIEnts和system.net/mailSettings/smtp.以下是相关部分的外观：

<configuration>  ...  <configProtectedData>    <provIDers>      <add name="CustomProvIDer" thumbprint="[this is secret]"          type="Pkcs12ProtectedConfigurationProvIDer.Pkcs12ProtectedConfigurationProvIDer,PKCS12ProtectedConfigurationProvIDer,Version=1.0.0.0,Culture=neutral,PublicKeyToken=34da007ac91f901d" />    </provIDers>  </configProtectedData>  ...  <connectionStrings configProtectionProvIDer="CustomProvIDer">    <EncryptedData ... ommitted for brevity  </connectionStrings>  ...  <system.net>    <mailSettings>      <smtp configProtectionProvIDer="CustomProvIDer">        <EncryptedData ommitted for brevity      </smtp>    </mailSettings>  </system.net>  ...  <dataCacheClIEnts configProtectionProvIDer="CustomProvIDer">    <EncryptedData ommitted for brevity  </dataCacheClIEnts>  ...</configuration>

所有上述工作都完美无缺.部署到Azure时,连接字符串,SMTP邮件和数据缓存都可以正常工作. PKCS12ProtectedConfiguration提供程序使用我的自定义证书来解密部分,一切都很好.

但是我似乎无法使用相同的方法来加密web.config / appSettings.当我尝试将以下内容部署到Azure时…

<configuration>  ...  <appSettings configProtectionProvIDer="CustomProvIDer">    <EncryptedData ommitted for brevity  </appSettings>  ...</configuration>

…然后我得到以下异常：

Server Error in '/' Application.Configuration ErrorDescription: An error occurred during the processing of a configuration filerequired to service this request. Please revIEw the specific error detailsbelow and modify your configuration file appropriately.Parser Error Message: An error occurred loading a configuration file: Could notload file or assembly 'PKCS12ProtectedConfigurationProvIDer,PublicKeyToken=34da007ac91f901d' or one of its dependencIEs.The system cannot find the file specifIEd.Source Error: line 41:     </EncryptedData>line 42:   </connectionStrings>line 43:   <appSettings configProtectionProvIDer="CustomProvIDer">line 44:     <EncryptedData ...>line 45:       <EncryptionMethod .../>Source file: E:\sitesroot
Parser Error Message: An error occurred loading a configuration file: Could not load file or assembly 'PKCS12ProtectedConfigurationProvIDer' or one of its dependencIEs. The system cannot find the file specifIEd.
\web.config    line: 43 Assembly Load Trace: The following information can be helpful to determine whythe assembly 'PKCS12ProtectedConfigurationProvIDer,PublicKeyToken=34da007ac91f901d' Could not be loaded.WRN: Assembly binding logging is turned OFF.To enable assembly bind failure logging,set the registry value[HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.Note: There is some performance penalty associated with assembly bind failurelogging.To turn this feature off,remove the registry value[HKLM\Software\Microsoft\Fusion!EnableLog].

但是我知道PKCS12ProtectedConfigurationProvIDer.dll在/ bin文件夹中,因为：

>我远程进入VM并在approot / bin和siteroot / bin中看到它
>当我使用未加密的appSettings部署时,使用此dll成功解密其他3个部分.

在解析并加载appSettings部分之前,几乎就像汇编加载程序无法查找PKCS12ProtectedConfigurationProvIDer.dll文件一样.我已经尝试省略了提供程序配置部分的Version,Culture和PublicKeyToken部分,但之后错误只是更改为：

Assembly Load Trace: The following information can be helpful to determine whythe assembly 'PKCS12ProtectedConfigurationProvIDer,PublicKeyToken=34da007ac91f901d' Could not be loaded.=== Pre-bind state information ===LOG: User = NT AUTHORITY\NETWORK SERVICELOG: displayname = PKCS12ProtectedConfigurationProvIDer,PublicKeyToken=34da007ac91f901d (Fully-specifIEd)LOG: Appbase = file:///d:/windows/system32/inetsrv/LOG: Initial PrivatePath = NulLCalling assembly : (UnkNown).===LOG: This bind starts in default load context.LOG: No application configuration file found.LOG: Using host configuration file: D:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.configLOG: Using machine configuration file from D:\windows\Microsoft.NET\Framework64\v4.0.30319\config\machine.config.LOG: Post-policy reference: PKCS12ProtectedConfigurationProvIDer,PublicKeyToken=34da007ac91f901dLOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvIDer.DLL.LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvIDer/PKCS12ProtectedConfigurationProvIDer.DLL.LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvIDer.EXE.LOG: Attempting download of new URL file:///d:/windows/system32/inetsrv/PKCS12ProtectedConfigurationProvIDer/PKCS12ProtectedConfigurationProvIDer.EXE.

在部署到windows Server 2012虚拟机上运行的windows Azure托管服务时,是否可以使用自定义configProtectionProvIDer加密web.config / appSettings？如果是这样,我在这里错过了什么？

更新：

发布后,我打开了Fusion！EnableLog注册表项,现在我在异常中获得了这些附加信息：

所以这是另一个问题：为什么IIS在这个程序集的inetsrv路径中查找而不是在app的/ bin文件夹中查找它？我在日志中看到“找不到应用程序配置文件”.这是否意味着程序集绑定程序必须找到带有未加密的appSettings部分的web.config才能解析并加载它？

解决方法 您是否尝试在角色启动时在GAC中安装程序集？

有关在启动http://blogs.infosupport.com/adding-assemblies-to-the-gac-in-windows-azure/时向gac添加组件的信息

总结

以上是内存溢出为你收集整理的加密 – 为什么我不能使用Azure上的自定义configProtectionProvider加密web.config / appSettings(Windows Server 2012)？全部内容，希望文章能够帮你解决加密 – 为什么我不能使用Azure上的自定义configProtectionProvider加密web.config / appSettings(Windows Server 2012)？所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。