From the course: ASP.NET: Security


Storing secrets in Web.config


- [Instructor] This chapter is all about storing sensitive data. And the first place where there might be sensitive data is the web.config file, because it holds all of the configurations for our web application. Possibly including connection strings, app settings with maybe passwords, maybe some other data that should not be exposed. So, there might be a need to protect this data. Well, good news first. At least web.config cannot be downloaded via HTTP. If you open up an ASP.NET website and then go to servername/web.config, the browser will not receive that config file. The server refuses to download that file, and, of course, that's a very good thing. Our application is running, so let's just try it. Web.config. Ah, not found, it's 404.8. The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section. So basically this means this is a file that's not supposed to be available. Maybe if you go to Controllers/ShopController.cs. Yeah, the…
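The 404.8 response described above depends on web.config staying in the request filtering module's hiddenSegments list. The following audit sketch is an added example, not part of the course material; it parses a configuration and reports when that protection has been removed. The sample configurations and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

# Constructed sample configs (not from the course). HARDENED has a
# hiddenSegments list that includes web.config; WEAKENED removes it again.
HARDENED = """<configuration><system.webServer><security><requestFiltering>
  <hiddenSegments>
    <add segment="web.config" />
    <add segment="bin" />
    <add segment="App_Data" />
  </hiddenSegments>
</requestFiltering></security></system.webServer></configuration>"""

WEAKENED = HARDENED.replace(
    '<add segment="bin" />',
    '<add segment="bin" /><remove segment="web.config" />')


def hidden_segments(config_xml):
    """Return the effective set of hidden segments, lower-cased."""
    segments = set()
    for section in ET.fromstring(config_xml).iter("hiddenSegments"):
        for entry in section:  # add/remove/clear are applied in document order
            name = entry.get("segment", "").lower()
            if entry.tag == "add":
                segments.add(name)
            elif entry.tag == "remove":
                segments.discard(name)
            elif entry.tag == "clear":
                segments.clear()
    return segments


def is_hidden(url, segments):
    """True when any segment of the URL path is a hidden segment (404.8)."""
    path = unquote(urlsplit(url).path)
    return any(part.lower() in segments for part in path.split("/") if part)


def audit(config_xml, required=("web.config",)):
    """List required segments that the configuration no longer hides."""
    effective = hidden_segments(config_xml)
    return [seg for seg in required if seg.lower() not in effective]


if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAKENED))
```

This check covers hiddenSegments only; other request filtering rules are outside its scope.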
