我們有一個負載均衡的環境,Jenkins會自動部署提交。由於我們使用SignalR來工作,我們必須在服務器場中的所有服務器中擁有相同的機器密鑰。我們可以通過手動進入IIS管理器並生成將包含在web.config文件中的密鑰來完成。但由於我們正在使用Jenkins進行自動部署,我們需要這也是自動的。我試圖通過命令行找到一種方法,但找不到任何資源。有沒有一種方法可以生成機器密鑰並將其添加到web.config中,以便所有進程都將自動進行?IIS通過命令行爲Jenkins生成機器密鑰
您可以使用powershell通過命令行生成機器密鑰。微軟提供這些代碼,並可以在這裏(https://support.microsoft.com/en-ca/help/2915218/resolving-view-state-message-authentication-code-mac-errors#bookmark-appendixa)找到
function Generate-MachineKey {
[CmdletBinding()]
param (
[ValidateSet("AES", "DES", "3DES")]
[string]$decryptionAlgorithm = 'AES',
[ValidateSet("MD5", "SHA1", "HMACSHA256", "HMACSHA384", "HMACSHA512")]
[string]$validationAlgorithm = 'HMACSHA256'
)
process {
function BinaryToHex {
[CmdLetBinding()]
param($bytes)
process {
$builder = new-object System.Text.StringBuilder
foreach ($b in $bytes) {
$builder = $builder.AppendFormat([System.Globalization.CultureInfo]::InvariantCulture, "{0:X2}", $b)
}
$builder
}
}
switch ($decryptionAlgorithm) {
"AES" { $decryptionObject = new-object System.Security.Cryptography.AesCryptoServiceProvider }
"DES" { $decryptionObject = new-object System.Security.Cryptography.DESCryptoServiceProvider }
"3DES" { $decryptionObject = new-object System.Security.Cryptography.TripleDESCryptoServiceProvider }
}
$decryptionObject.GenerateKey()
$decryptionKey = BinaryToHex($decryptionObject.Key)
$decryptionObject.Dispose()
switch ($validationAlgorithm) {
"MD5" { $validationObject = new-object System.Security.Cryptography.HMACMD5 }
"SHA1" { $validationObject = new-object System.Security.Cryptography.HMACSHA1 }
"HMACSHA256" { $validationObject = new-object System.Security.Cryptography.HMACSHA256 }
"HMACSHA385" { $validationObject = new-object System.Security.Cryptography.HMACSHA384 }
"HMACSHA512" { $validationObject = new-object System.Security.Cryptography.HMACSHA512 }
}
$validationKey = BinaryToHex($validationObject.Key)
$validationObject.Dispose()
[string]::Format([System.Globalization.CultureInfo]::InvariantCulture,
"<machineKey decryption=`"{0}`" decryptionKey=`"{1}`" validation=`"{2}`" validationKey=`"{3}`" />",
$decryptionAlgorithm.ToUpperInvariant(), $decryptionKey,
$validationAlgorithm.ToUpperInvariant(), $validationKey)
}
}
這將返回機器密鑰爲字符串。然後你可以通過PowerShell將它應用到web.config文件中。下面的代碼要麼添加或更換
function ApplyMachineKeyToWebConfigs($machineKey)
{
$webConfig = (Get-Content $webConfigPath) -as [Xml]
if($webConfig.configuration["system.web"].machineKey)
{
$webConfig.configuration["system.web"].ReplaceChild($webConfig.ImportNode($machineKey.machineKey, $true), $webConfig.configuration["system.web"].machineKey)
}
else
{
$webConfig.configuration["system.web"].AppendChild($webConfig.ImportNode($machineKey.machineKey, $true))
}
$webConfig.save($webConfigPath)
}
哪裏$webConfigPath是路徑服務器上的Web配置文件。 您需要在服務器上生成機器密鑰,以便我們可以通過jenkins上的CI遠程運行這些密鑰。如果您創建一個PowerShell腳本結合的功能(稱爲GenerateMachineKey.ps1):在web.config路徑傳遞
[xml]$machineKey = Generate-MachineKey
ApplyMachineKeyToWebConfigs $machineKey
你再像這樣運行:
Invoke-Command -ComputerName <ipAddress or computer name> -FilePath GenerateMachineKey.ps1 -ArgumentList c:\DeployedApps\YourWebsite\Web.config -credential $Credentials
您需要設置憑據來調用可以用下面的命令來實現命令:
$Username = 'admin'
$Password = 'password'
$SecurePass = ConvertTo-SecureString -AsPlainText $Password -Force
$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $SecurePass
現在可以完全自動通過詹金斯或使用這些鮑威任何其他CI平臺設置你的IIS機器密鑰rshell腳本