不在 Azure 上托管时生产服务器上的 .NET Core 机密
我一直在努力了解 .NET Core 如何处理敏感信息,并且正在努力研究如何在不是的生产环境中进行部署托管在 Azure 上.
I've been trying to understand how .NET Core handles sensitive information and I'm struggling to work out how to deploy on a production environment that isn't being hosted on Azure.
据我所知,我可以使用秘密存储";在我的本地开发环境中存储敏感信息,但这仅适用于开发环境.
From what I understand I can use "secret storage" on my local development environment to store sensitive information, but this only works on the development environment.
如果我想访问生产环境中的秘密变量,似乎建议使用 Azure Key Vault?但是,根据我所阅读的内容,除非我也在 Azure 上托管,否则我无法访问这些机密.
If I want to access secret variables on the production environment it seems that Azure Key Vault is the recommended approach? However from what I'm reading I can't access these secrets unless I'm hosting on Azure too.
在我的情况下,我们已经通过 3rd 方托管公司设置了我们的托管,所以我想知道是否有可能在不在 Azure 上托管时仍以某种方式使用 Azure 的 Key Vault.如果做不到这一点,有什么替代方案?
In my situation we already have our hosting set up with a 3rd party hosting company, so I'm wondering if it's possible to somehow still use Azure's Key Vault when not hosting on Azure. Failing that, what are the alternatives?
谢谢
在我的情况下,我们已经与第 3 方建立了我们的托管托管公司,所以我想知道是否有可能以某种方式仍然不在 Azure 上托管时使用 Azure 的 Key Vault.失败了,什么有其他选择吗?
In my situation we already have our hosting set up with a 3rd party hosting company, so I'm wondering if it's possible to somehow still use Azure's Key Vault when not hosting on Azure. Failing that, what are the alternatives?
您仍然可以完全使用 On Premise 替代方案来安全地托管您的机密,而无需将它们放入设置文件中.
You can still use fully On Premise alternative to securely host your secrets without putting them into the settings file.
您首先需要了解的是设置如何加载到 ASP.Net Core 应用程序中.在撰写此答案时,这是在 Program.cs 文件上调用 CreateDefaultBuilder 时用于加载配置的顺序:
What you need to know first is how settings are loading into ASP.Net Core applications. At the time of writing this answer this is the order that is used to load the configurations when you call CreateDefaultBuilder on the Program.cs file:
CreateDefaultBuilder 为应用程序提供默认配置以下顺序:
CreateDefaultBuilderprovides default configuration for the app in the following order:
ChainedConfigurationProvider:添加一个现有的IConfiguration作为源.默认配置情况下,添加主机配置并将其设置为应用配置的第一个来源.
ChainedConfigurationProvider: Adds an existingIConfigurationas a source. In the default configuration case, adds the host configuration and setting it as the first source for the app configuration.
appsettings.json 使用 JSON 配置提供程序.
appsettings.json using the JSON configuration provider.
appsettings.Environment.json 使用 JSON 配置提供程序.例如,appsettings.Production.json 和appsettings.Development.json.
appsettings.Environment.json using the JSON configuration provider. For example, appsettings.Production.json and
appsettings.Development.json.
应用在开发环境中运行时的应用机密.
App secrets when the app runs in the Development environment.
使用环境变量配置提供程序的环境变量.
Environment variables using the Environment Variables configuration provider.
使用命令行配置提供程序的命令行参数.
Command-line arguments using the Command-line configuration provider.
就您而言,您需要查看的步骤是第 5 步.在 Windows 中,环境变量的配置方式有两种:
In your case, the step you need to look at is the step n°5. In Windows, environment variables are configured in two ways:
- 全局:机器环境变量.所以这意味着所有用户都可以看到环境变量
- 每个用户:用户只能看到属于他们的环境变量.用户无法看到其他环境变量,直到他/她使用她/他的登录名和密码作为该用户进行连接.
- globally: machines environment variables. So it means all users can see environment variables
- per user: users only see environment variables belong to them. A user can't see other environment variables until he/she connected as that user using her/his login and password.
因此,在您的情况下,您需要执行以下步骤:
So in your case you need to follow these steps:
您需要创建一个特定的用户帐户来运行您的应用程序.
You'll need to create a specific user account for running your application.
它只能是本地用户帐户.
It can be only a local user account.
使用新创建的用户帐户连接到服务器,设置环境变量并确保它将保留在该用户的范围内(这是下面 PowerShell 命令中 thrid 参数的用途).例如,要设置连接字符串,您将运行如下所示的内容:
Connect to the server with that newly created user account, set the environment variables and make sure it will remain in the scope of that user (it is the purpose of the thrid parameter in the PowerShell Command below). For example to set the connection string you'll run something like below:
[Environment]::SetEnvironmentVariable("ConnectionStrings:MySuperDatabse", "my super database connection string", "User")
3.配置运行 ASP.Net Core 应用程序的进程
您需要配置 IIS 应用程序池以使用该新帐户来运行应用程序.因此,您需要转到专用于您的应用程序的应用程序池的高级设置并设置新帐户,如下所示:
3. Configure the process that run your ASP.Net Core application
You need to configure the IIS Application Pool to use that new account to run the application. So you need to go to the Advanced Settings of the application pool dedicated to your application and set the new account like below:
最后一个想法是再次配置 IIS 应用程序池以加载用户配置文件.在某些 IIS 配置中,它默认设置为 false.您需要将其设置为 true,以便在加载用户配置文件时,也将加载该特定用户的环境变量.可以在专用于 ASP.Net Core 应用程序的应用程序池的高级设置中进行配置,如下所示:
One last thinks is to configure again the IIS Application Pool to load the User Profile. In some IIS configuration it is set to false by default. You need to set it to true so when loading the user profiles, the environment variables for that specific user will also be loaded. That can be configured in Advanced Settings of the application pool dedicated to your ASP.Net Core application like below:
大功告成!您将能够访问运行 ASP.Net Core 应用程序的用户帐户的机密,而无需修改代码库中的任何内容,而只能访问该用户范围内的环境变量的配置以及在 IIS 上完成的配置.除了创建用户帐户外,其余所有步骤都可以毫无困难地自动执行到您的 CD 管道中.
And it is done! You'll be able to access to the secrets for the user account running your ASP.Net Core Application without modifying anything into your code base but only configurations on environment varaibles scoped to that user and configurations done on IIS. Beside the user account creation, all the remaining steps can be automated into your CD Pipelines without any difficulties.
因为机密设置在创建的帐户的环境变量中,请确保没有多少人知道其密码(以管理员帐户威胁该帐户).
Because the secrets are set to the environment variables of the created account, make sure that not many people are aware about its password (threat that account as an admin account).