Detailed explanation of how Core elegantly saves secrets (User Secrets) in the development environment in ASP.NET

This article mainly introduces in detail how ASP.NET Core elegantly saves confidential User Secrets in the development environment. It has certain reference value. Interested friends can refer to it

Preface

In the process of application development, sometimes it is necessary to save some confidential information in the code, such as encryption keys, strings, or user names and passwords. The usual approach is to save it to a configuration file. In the past, we would save it to web.config, but in ASP.NET Core, this method may have changed, or you may have more diverse methods. , and more elegant configurations to set or save these confidential information.

At first I thought this UserSecrets was of no use, because if I needed to configure something, I could configure it directly into the appsetting.json file until During a development process, I felt its true use.

Directory

• Introduction to user secrets

• How to add user secrets

• Using User Secrets in Applications

• Summary
  

Introduction to User Secrets

You can think about how we handled the following scenarios in the previous code:

• You need to save some keys for connecting with third-party websites, such as The appkey used by WeChat and Weibo sites

• configures different usernames and passwords for each developer to access some resources

• Developers During the development process, use your own local database. How to configure the database address, account and password?
  

Assuming the last item, each development must use its own local database. , you might say to let everyone modify their own web.config, just don't submit it when submitting the code. So if you add other configuration items to web.config, it is obviously unreasonable not to submit the web.config file.

Now, ASP.NET Core provides a very elegant and concise way User Secrets to help us solve this problem.

When you create a new ASP.NET Core Web application, you will see this code in the Startup.cs file:

public Startup(IHostingEnvironment env) 
{
  .....

  if (env.IsDevelopment())
  {
    builder.AddUserSecrets();
  }
  
  builder.AddEnvironmentVariables();
}

In the project.json file, you will see some configurations related to User Secrets

{
  "userSecretsId": "aspnet-WebAppCore-e278c40f-15bd-4c19-9662-541514f02f3e"
  ...
  
  "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0",
  "Microsoft.Extensions.SecretManager.Tools": “1.0.0-preview2-final”
}

You can see builder. AddUserSecretsThis line of code is run in the development environment.

userSecretsId is used to uniquely identify the User Secrets of the project. If there are two projects that need to use different Secrets, they need to have different userSecretsId.

Microsoft.Extensions.SecretManager.Tools Mainly used to set or view the value of secrets.

How to add user secrets

You can use the command on the command line to add:

image

• Switch the command line window to the running directory of the program and enter dotnet user-secrets -h to view the commands that can be used

• Use dotnet user-secrets list List all user secrets

• Use dotnet user-secrets set WeChatAppKey "X3423FEED2435DD"Set a user secret, where WebChatAppKey is The key, followed by the value.

• Then use dotnet user-secrets list to view the set key-value pairs.

• Then I set up a database connection string.

The above is to use the command line to set user secrets. You can also use Visual Studio 2015 instead of the command line to do this work.

In Visual Studio, right-click on the Web project and you can see a Manage User Secrets menu:

image

When you click to open, a secrets.json file will appear, which contains the key-value pairs just set on the command line:

image

Some students may ask since it is storage to secrets.json, where is this file?

Where is secrets.json stored?

In non-Windows systems, its storage location is

~/.microsoft/usersecrets//secrets.json

In Windows systems, its location is

C:\Users\username\AppData\Roaming\Microsoft\UserSecrets\aspnet-WebAppCore- e278c40f-15bd-4c19-9662-541514f02f3e

You can see that the upper-level folder stored is the userSecretsId in the project.json file set value.

Using User Secrets in Applications

要在应用程序中访问配置的用户机密，你需要保证project.json文件中存在依赖项：
Microsoft.Extensions.Configuration.UserSecrets 并且builder.AddUserSecrets()。

然后在Startup.cs文件中通过 Configuration 对象访问

public IConfigurationRoot Configuration { get; }
public void ConfigureServices(IServiceCollection services)
{
  var wechatKey = Configuration["WeChatAppKey"]
}

你可以使用DI来将用户机密映射到一个C#类文件，像这样

secrets.json

{
  "SecretsKeys":
  {
    WeCharAppKey:"xxejfwert3045",
    WeboAppKey:"35402345lkefgjlkdfg",
    .....
  }
}

SecretsKeysConfig.cs

public class SecretsKeysConfig
{
  public string WeCharAppKey { get; set;}
  
  public string WeboAppKey { get; set;}
  
  // ......
}

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
  services.Configure<SecretsKeysConfig>(Configuration.GetSection("SecretsKeys"));
  
  // 其他代码
}

HomeController.cs

public class HomeController : Controller
{
  public SecretsKeysConfig AppConfigs { get; }
  public HomeController(IOptions<SecretsKeysConfig> appkeys)
  {
    AppConfigs = appkeys.Value;
  }

}

注意：如果你的appsetting.json文件中有和secrets.json文件中相同节点（冲突）的配置项，那么就会被secrets.json中的设置项给覆盖掉，因为 builder.AddUserSecrets()晚于 AddJsonFile("appsettings.json")注册, 那么我们可以利用这个特性来在每个开发人员的机器上重新设置数据库连接字符串了。

总结

以上，或许可以感受到微软在 ASP.NET Core 中对于开发人员还是非常贴心的，很多小细节都考虑到了，因此在我们构建应用程序的过程中，可以多使用这些小功能（特性）来让我们的代码更加的优雅～

The above is the detailed content of Detailed explanation of how Core elegantly saves secrets (User Secrets) in the development environment in ASP.NET. For more information, please follow other related articles on the PHP Chinese website!