Geek Answers Handbook

Where should I store the connection string for the production environment of my ASP.NET Core application?

Where should production and intermediate connection strings be stored in an ASP.NET Core application when deployed to IIS 7 (not Azure)?

I am looking for a recommended way to do this / best practices, especially in terms of security.

+6
iis-7 asp.net-core production-environment
source share
2 answers

In ASP.NET 5, you can specify multiple configuration sources. Thanks to this welcome change to the previous model, you can save the connection string for development in a simple json file, as well as the intermediate and production connection string in environment variables directly on the respective servers.

If you configure your application as follows:

var config = new Configuration() .AddJsonFile("config.json") .AddEnvironmentVariables();

and in the config.json line and the environment variable there is a connection line, then the source code of the environment will be received.

So, save the development connection string in config.json (and freely register in the source control) and create one in the environment variable. More details here and here .

+2
source share

You want to use the user secrets API. See my example below (based on ASP.NET 5 Beta 5):

 ConfigurationBuilder configurationBuilder = new ConfigurationBuilder( applicationEnvironment.ApplicationBasePath); // This reads the configuration keys from the secret store. This allows you to store // connection strings and other sensitive settings on your development environment, so you // don't have to check them into your source control provider. configurationBuilder.AddUserSecrets(); IConfiguration configuration = configurationBuilder.Build();

You should also set userSecretsId in project.json (see links below). This is a unique identifier for your project secrets and will be needed below when you create a new secret:

 { "webroot": "wwwroot", "userSecretsId": "[Your User Secrets ID]", "version": "1.0.0-*" ... }

To add / remove / update user secrets, you need to install the secret manager by doing:

 dnu commands install SecretManager

Then use the secrets manager to actually add / remove / update the settings:

 Usage: user-secret [options] [command] Options: -?|-h|--help Show help information -v|--verbose Verbose output Commands: set Sets the user secret to the specified value help Show help information remove Removes the specified user secret list Lists all the application secrets clear Deletes all the application secrets Use "user-secret help [command]" for more information about a command.

See this and this documentation for more information.

It should also be noted that from the moment of writing (ASP.NET 5 Beta 5) the user's secrets are not encrypted! This will change later.

+3
source share

More articles:


All Articles