0

I have a password in my appsettings.json (well, secrets.json, really) containing quotation mark. That causes issues, naturally, and I tried to escape it the usual way. However, the rendition into the string as I read in that setting doesn't transform it properly.

The different appsettings.json.

{ "CertPass": "abc"123", ... }

{ "CertPass": "abc\"123", ... }

{ "CertPass": "abc""123", ... }

{ "CertPass": "abc\\\"123", ... }

The Program.cs.

string pass = config.Env<string>("CertPass");

public static class ConfigurationExtensions
{
  public static T Env<T>(this IConfiguration self, string key)
    => self.GetSection(key).Get<T>()!;
}

The solution of enclosing it with apostrophes and/or replacing the quotation mark with " didn't work. The string still gets into the application in verbatim state (i.e. with the apostrophes and ampersand).

In my case it's not a connection string. It's just a password for a different purpose (the secret to our certificate stored in a PFX file). That's probably why the solution above won't work.

What do I do?

My (hacky) workaround is (for now) to store the password with a "¤" (whatever this is called) and then replacing it in the code after it's been read. Not pretty nor recommended.

Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
  • `replace the quotation mark with "` doesn't make sense because `"` is a quotation mark. Do you mean you have "single quotes" or an "apostrophe" in the password? Whatever the character is, the first comment is on the right track. There's nothing special about secrets.json. Just look up how to escape the offending character in json. – Eric J. Feb 18 '23 at 16:05
  • 1
    encode your password to Base64 and use the encoded phrase in your Json file. decode it where you want to use it – Hamid Mohammadi Feb 18 '23 at 16:11
  • @EricJ. I'm not sure what you refer to. Have you misunderstood the replacement I'm (hackily) doing? I've replaced the quotation mark (i.e. `"`) in the password stored in *appsettings.json* with a bullseye character (i.e. `¤`). Then, after the value's been read to a variable in *Program.cs*, I replace the bullseye (or whatever it's called) with a quotation mark, hence rendering the correct value for the password. Anyway, I'll check out the linked suggestion. Maybe it helps. – Konrad Viltersten Feb 18 '23 at 16:29
  • @pfx I've checked out the link provided. It's mostly JS-related parsing there. When I try escaping strategies listed in the many answers, I still don't get the value from the field in *appsettings.json* correctly interpreted. Please view the linked answer in my question stating the same issue. – Konrad Viltersten Feb 18 '23 at 16:33
  • Why don't you post sample JSON in your question the way you would like it to be (not the hacky version) and of course not with your real password? – Eric J. Feb 18 '23 at 16:34
  • @EricJ. Please help me verify which of the posted replies to the linked question deals with the issue of mine? I'm getting the impression that those "should" work assuming that the problem is with the JSON representation of the quotation mark. It seems it's not. – Konrad Viltersten Feb 18 '23 at 16:35
  • @EricJ. Good idea. I chose to omit it because it's almost naive. Example: `abc"123`. I'll update the question with the C# I'm using to read it too. – Konrad Viltersten Feb 18 '23 at 16:36
  • Which value do you see when having `"abc\"123"` in appsettings and doing a `System.Diagnostics.Debug.WriteLine(builder.Configuration.GetSection("CertPass").Get()!);`. Look in the Debug Output window in Visual Studio. – pfx Feb 18 '23 at 16:52

0 Answers0