AppStd/DigitalData.UserManager
8
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(security): Nur Benutzer-ID und Passwort im Connection String verschlüsseln

Browse Source 
- Verschlüsselung des gesamten Connection Strings durch Verschlüsselung der Benutzer-ID und des Passworts ersetzt.
- Die `appsettings`-Datei wurde aktualisiert, um nur noch die Benutzer-ID und das Passwort verschlüsselt zu speichern.
- `program.cs` angepasst, um den Connection String zu entschlüsseln und die Benutzer-ID sowie das Passwort separat zu entschlüsseln.
This commit is contained in:
Developer 02 2024-09-09 12:55:22 +02:00
parent 15bc34ba95
commit e6416f0d7f
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
DigitalData.UserManager.API/Program.cs
View File

@ -8,6 +8,7 @@ using NLog;
using DigitalData.Core.API; using DigitalData.Core.API;
using DigitalData.UserManager.API.Controllers; using DigitalData.UserManager.API.Controllers;
using DigitalData.UserManager.Application.Services; using DigitalData.UserManager.Application.Services;
using Microsoft.Data.SqlClient;
var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger(); var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
logger.Debug("init main"); logger.Debug("init main");
@ -71,7 +72,7 @@ try {
//builder.Services.AddAutoMapper(typeof(DirectoryMappingProfile).Assembly); //builder.Services.AddAutoMapper(typeof(DirectoryMappingProfile).Assembly);
builder.Services.AddUserManager<UserManagerDbContext>(); builder.Services.AddUserManager<UserManagerDbContext>();
builder.ConfigureBySection<DirectorySearchOptions>(); builder.ConfigureBySection<DirectorySearchOptions>();
builder.Services.AddDirectorySearchService(); builder.Services.AddDirectorySearchService();
@ -83,8 +84,12 @@ try {
{ {
var encryptor = app.Services.GetRequiredService<Encryptor>(); var encryptor = app.Services.GetRequiredService<Encryptor>();
var eCnnStr = config.GetConnectionString("UM_DEF") ?? throw new InvalidOperationException("Connection string 'DD_ECM_Connection' is missing from the configuration."); var eCnnStr = config.GetConnectionString("UM_DEF") ?? throw new InvalidOperationException("Connection string 'DD_ECM_Connection' is missing from the configuration.");
var cnnStr = encryptor.Decrypt(eCnnStr);
return cnnStr; SqlConnectionStringBuilder cnnStrBuilder = new(eCnnStr);
cnnStrBuilder.UserID = encryptor.Decrypt(cnnStrBuilder.UserID);
cnnStrBuilder.Password = encryptor.Decrypt(cnnStrBuilder.Password);
var dCnnStr = cnnStrBuilder.ConnectionString;
return dCnnStr;
}); });
app.UseCors("DefaultCorsPolicy"); app.UseCors("DefaultCorsPolicy");

3
DigitalData.UserManager.API/appsettings.json
View File

@ -6,8 +6,7 @@
} }
}, },
"ConnectionStrings": { "ConnectionStrings": {
"UM_DEF": "cIFSoeMqHel7SDkAj4MWjy1UHrNJgoHrLkBJ/I/1Y95MsV9vFQjJLn6Shm9qtAyymwSNrX9s+78mW2PX4KulSA/KAaRwNQteP6SHrX0nNOJptot8TcohuiT0m9K2M/GsJEnLyJ+3yb0nJHR5yzRaVvjl8ERhgntW47dFMni98YA=", "UM_DEF": "Server=SDD-VMP04-SQL17\\DD_DEVELOP01;Database=DD_ECM;User Id=g+2edXEbMbujCUjh7INZRQ==;Password=Bz/n9pu8EyzlVqicaMRQGQ==;Encrypt=false;TrustServerCertificate=True;"
"Decrypted": "Server=SDD-VMP04-SQL17\\\\DD_DEVELOP01;Database=DD_ECM;User Id=sa;Password=dd;Encrypt=false;TrustServerCertificate=True;"
}, },
"AllowedOrigins": [ "https://localhost:7103", "http://172.24.12.39:85", "http://localhost:85", "http://localhost:4200", "http://localhost:5500", "https://localhost:7202" ], "AllowedOrigins": [ "https://localhost:7103", "http://172.24.12.39:85", "http://localhost:85", "http://localhost:4200", "http://localhost:5500", "https://localhost:7202" ],
"RunAsWindowsService": false, "RunAsWindowsService": false,