feat(security): Nur Benutzer-ID und Passwort im Connection String verschlüsseln

- Verschlüsselung des gesamten Connection Strings durch Verschlüsselung der Benutzer-ID und des Passworts ersetzt. - Die `appsettings`-Datei wurde aktualisiert, um nur noch die Benutzer-ID und das Passwort verschlüsselt zu speichern. - `program.cs` angepasst, um den Connection String zu entschlüsseln und die Benutzer-ID sowie das Passwort separat zu entschlüsseln.
2024-09-09 12:55:22 +02:00 · 2024-09-09 12:55:22 +02:00 · e6416f0d7f
commit e6416f0d7f
parent 15bc34ba95
2 changed files with 9 additions and 5 deletions
--- a/DigitalData.UserManager.API/Program.cs
+++ b/DigitalData.UserManager.API/Program.cs
@ -8,6 +8,7 @@ using NLog;
 using DigitalData.Core.API;
 using DigitalData.UserManager.API.Controllers;
 using DigitalData.UserManager.Application.Services;
+using Microsoft.Data.SqlClient;

 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Debug("init main");
@ -71,7 +72,7 @@ try {

    //builder.Services.AddAutoMapper(typeof(DirectoryMappingProfile).Assembly);
    builder.Services.AddUserManager<UserManagerDbContext>();
-
+    
    builder.ConfigureBySection<DirectorySearchOptions>();
    builder.Services.AddDirectorySearchService();

@ -83,8 +84,12 @@ try {
    {
        var encryptor = app.Services.GetRequiredService<Encryptor>();
        var eCnnStr = config.GetConnectionString("UM_DEF") ?? throw new InvalidOperationException("Connection string 'DD_ECM_Connection' is missing from the configuration.");
-        var cnnStr = encryptor.Decrypt(eCnnStr);
-        return cnnStr;
+
+        SqlConnectionStringBuilder cnnStrBuilder = new(eCnnStr);
+        cnnStrBuilder.UserID = encryptor.Decrypt(cnnStrBuilder.UserID);
+        cnnStrBuilder.Password = encryptor.Decrypt(cnnStrBuilder.Password);
+        var dCnnStr = cnnStrBuilder.ConnectionString;
+        return dCnnStr;
    });

    app.UseCors("DefaultCorsPolicy");
--- a/DigitalData.UserManager.API/appsettings.json
+++ b/DigitalData.UserManager.API/appsettings.json
@ -6,8 +6,7 @@
    }
  },
  "ConnectionStrings": {
-    "UM_DEF": "cIFSoeMqHel7SDkAj4MWjy1UHrNJgoHrLkBJ/I/1Y95MsV9vFQjJLn6Shm9qtAyymwSNrX9s+78mW2PX4KulSA/KAaRwNQteP6SHrX0nNOJptot8TcohuiT0m9K2M/GsJEnLyJ+3yb0nJHR5yzRaVvjl8ERhgntW47dFMni98YA=",
-    "Decrypted": "Server=SDD-VMP04-SQL17\\\\DD_DEVELOP01;Database=DD_ECM;User Id=sa;Password=dd;Encrypt=false;TrustServerCertificate=True;"
+    "UM_DEF": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM;User Id=g+2edXEbMbujCUjh7INZRQ==;Password=Bz/n9pu8EyzlVqicaMRQGQ==;Encrypt=false;TrustServerCertificate=True;"
  },
  "AllowedOrigins": [ "https://localhost:7103", "http://172.24.12.39:85", "http://localhost:85", "http://localhost:4200", "http://localhost:5500", "https://localhost:7202" ],
  "RunAsWindowsService": false,