Share an example of ASP.NET Core saving secrets (User Secrets) in the development environment

This article mainly introduces in detail how ASP.NET Core elegantly saves confidential User Secrets in the development environment. It has certain reference value. Interested friends can refer to it

Preface

In the process of application development, sometimes it is necessary to save some confidential information in the code, such as encryption keys, String, or user names Password etc. The usual approach is to save it to a configuration file. In the past, we would save it to web.config, but in ASP.NET Core, this method may have changed, or you have More diverse methods and more elegant configurations to set or save these confidential information.

At first I thought this UserSecrets was of no use, because if I needed to configure something, I could configure it directly into the appsetting.json file until During a development process, I felt its true use.

Directory

• Introduction to user secrets

• How to add user secrets

• Using User Secrets in Applications

• Summary
  

Introduction to User Secrets

You can think about how we handled the following scenarios in the previous code:

• You need to save some keys for connecting with third-party websites, such as The appkey used by WeChat and Weibo sites

• configures different usernames and passwords for each developer to access some resources

• Developers During the development process, use your own local database. How to configure the database address, account and password?
  

Assuming the last item, each development must use its own local database. , you might say to let everyone modify their own web.config, just don't submit it when submitting the code. So if you add other configuration items to web.config, it is obviously unreasonable not to submit the web.config file.

Now, ASP.NET Core provides a very elegant and concise way User Secrets to help us solve this problem.

When you create a new ASP.NET Core Web application, you will see this piece of code in the Startup.cs file:

public Startup(IHostingEnvironment env) 
{
  .....

  if (env.IsDevelopment())
  {
    builder.AddUserSecrets();
  }
  
  builder.AddEnvironmentVariables();
}

In project In the .json file, you will see some configurations related to User Secrets

{
  "userSecretsId": "aspnet-WebAppCore-e278c40f-15bd-4c19-9662-541514f02f3e"
  ...
  
  "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0",
  "Microsoft.Extensions.SecretManager.Tools": “1.0.0-preview2-final”
}

You can see the line of code builder.AddUserSecrets, which is run in the development environment.

userSecretsId is used to uniquely identify the User Secrets of the project. If there are two projects that need to use different Secrets, they need to have different userSecretsId.

Microsoft.Extensions.SecretManager.Tools Mainly used to set or view the value of secrets.

How to add user secrets

You can use the command on the command line to add:

image

• Switch the command line window to the running directory of the program and enter dotnet user-secrets -h to view the commands that can be used

• Use dotnet user-secrets list List all user secrets

• Use dotnet user-secrets set WeChatAppKey "X3423FEED2435DD"Set a user secret, where WebChatAppKey is The key, followed by the value.

• Then use dotnet user-secrets list to view the set key-value pairs.

• Then I set up a database connection string.

The above is to use the command line to set user secrets. You can also use Visual Studio 2015 instead of the command line to do this work.

In Visual Studio, right-click on the Web project and you can see a Manage User Secrets menu:

image

When you click to open, a secrets.json file will appear, which contains the key-value pairs just set on the command line:

image

Some students may ask since it is storage to secrets.json, where is this file?

Where is secrets.json stored?

In non-Windows systems, its storage location is

~/.microsoft/usersecrets/<userSecretsId>/secrets.json

In Windows systems, its location can be seen at

C:\Users\用户名\AppData\Roaming\Microsoft\UserSecrets\aspnet-WebAppCore-e278c40f-15bd-4c19-9662-541514f02f3e

, The upper-level folder stored is the value set by userSecretsId in the project.json file.

Using user secrets in the application

To access the configured user secret in the application, you need to ensure project.json Dependencies present in the file:
Microsoft.Extensions.Configuration.UserSecrets and builder.AddUserSecrets().

然后在Startup.cs文件中通过 Configuration 对象访问

public IConfigurationRoot Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
  var wechatKey = Configuration["WeChatAppKey"]
}

你可以使用DI来将用户机密映射到一个C#类文件，像这样

secrets.json

{
  "SecretsKeys":
  {
    WeCharAppKey:"xxejfwert3045",
    WeboAppKey:"35402345lkefgjlkdfg",
    .....
  }
}

SecretsKeysConfig.cs

public class SecretsKeysConfig
{
  public string WeCharAppKey { get; set;}
  
  public string WeboAppKey { get; set;}
  
  // ......
}

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
  services.Configure<SecretsKeysConfig>(Configuration.GetSection("SecretsKeys"));
  
  // 其他代码
}

HomeController.cs

public class HomeController : Controller
{
  public SecretsKeysConfig AppConfigs { get; }
  public HomeController(IOptions<SecretsKeysConfig> appkeys)
  {
    AppConfigs = appkeys.Value;
  }

}

注意：如果你的appsetting.json文件中有和secrets.json文件中相同节点（冲突）的配置项，那么就会被secrets.json中的设置项给覆盖掉，因为 builder.AddUserSecrets()晚于 AddJsonFile("appsettings.json")注册, 那么我们可以利用这个特性来在每个开发人员的机器上重新设置数据库连接字符串了。

总结

以上，或许可以感受到微软在 ASP.NET Core 中对于开发人员还是非常贴心的，很多小细节都考虑到了，因此在我们构建应用程序的过程中，可以多使用这些小功能（特性）来让我们的代码更加的优雅～

【相关推荐】

1. ASP.NET免费视频教程

2. 详细介绍ZKEACMS for .Net Core

3. 在.net core 下如何进行http请求？

4. 如何在ASP.NET Core中使用Cookie中间件的详细介绍

5. .Net Core中如何使用ref和Span提高程序性能的实现代码

The above is the detailed content of Share an example of ASP.NET Core saving secrets (User Secrets) in the development environment. For more information, please follow other related articles on the PHP Chinese website!