1 out of 2 rated this helpful - Rate this topic

DpapiProtectedConfigurationProvider Class

.NET Framework 2.0

Note: This class is new in the .NET Framework version 2.0.

Provides a ProtectedConfigurationProvider object that uses the Windows data protection API (DPAPI) to encrypt and decrypt configuration data.

Namespace: System.Configuration
Assembly: System.Configuration (in system.configuration.dll)

Syntax

C++

public sealed class DpapiProtectedConfigurationProvider : ProtectedConfigurationProvider

public final class DpapiProtectedConfigurationProvider extends ProtectedConfigurationProvider

JScript

public final class DpapiProtectedConfigurationProvider extends ProtectedConfigurationProvider

Remarks

The DpapiProtectedConfigurationProvider allows you to protect sensitive information stored in a configuration file from unauthorized access.

You use the standard DpapiProtectedConfigurationProvider by declaring the provider and appropriate settings in the configuration file rather than creating an instance of this class. Refer to the next example.

For more information about Protected Configuration, see Encrypting Configuration Information Using Protected Configuration.

The DpapiProtectedConfigurationProvider uses the Windows built-in cryptographic services and can be configured for either machine-specific or user-account-specific protection. Machine-specific protection is useful for anonymous services but provides less security. User-account-specific protection can be used with services that run with a specific user identity.

Example

The following example shows how to use the standard DpapiProtectedConfigurationProvider to protect or unprotect a configuration section.

using System;
using System.Configuration;

public class UsingDpapiProtectedConfigurationProvider
{

    // Protect the connectionStrings section.
    private static void ProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Define the Dpapi provider name.
        string provider = 
            "DataProtectionConfigurationProvider";


        // Get the section to protect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (!connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Protect the section.
                    connStrings.SectionInformation.ProtectSection(provider);

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0 is now protected by {1",
                        connStrings.SectionInformation.Name,
                        connStrings.SectionInformation.ProtectionProvider.Name);

                
                else
                    Console.WriteLine(
                         "Can't protect, section {0 is locked",
                         connStrings.SectionInformation.Name);
            
            else
                Console.WriteLine(
                    "Section {0 is already protected by {1",
                    connStrings.SectionInformation.Name,
                    connStrings.SectionInformation.ProtectionProvider.Name);

        
        else
            Console.WriteLine("Can't get the section {0",
                connStrings.SectionInformation.Name);

    


    // Unprotect the connectionStrings section.
    private static void UnProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Get the section to unprotect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Unprotect the section.
                    connStrings.SectionInformation.UnprotectSection();

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0 is now unprotected.",
                        connStrings.SectionInformation.Name);

                
                else
                    Console.WriteLine(
                         "Can't unprotect, section {0 is locked",
                         connStrings.SectionInformation.Name);
            
            else
                Console.WriteLine(
                    "Section {0 is already unprotected.",
                    connStrings.SectionInformation.Name);

        
        else
            Console.WriteLine("Can't get the section {0",
                connStrings.SectionInformation.Name);

    


    public static void Main(string[] args)
    {

        string selection = string.Empty;

        if (args.Length == 0)
        {
            Console.WriteLine(
                "Select protect or unprotect");
            return;
        

        selection = args[0].ToLower();

        switch (selection)
        {
            case "protect":
                ProtectConfiguration();
                break;

            case "unprotect":
                UnProtectConfiguration();
                break;

            default:
                Console.WriteLine("Unknown selection");
                break;
        

        Console.Read();

The following configuration excerpts show the configuration section before and after the protection has been applied.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="NorthwindConnectionString" 
      connectionString="Data Source=webnetue2;Initial Catalog=Northwind;User ID=aspnet_test;Password=test"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <EncryptedData>
      <CipherData>                <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcAMh0jIC1kigyFfd9AUZfQQAAAACAAAAAAADZgAAqAAAABAAAADQwbQ2DgIgIlqskE1RI9UpAAAAAASAAACgAAAAEAAAAAXlYBxi3jhM6wv4sxLhugsQAgAAgoReHZS2406dc/AyRDd6WuNr4ihHn6fbipd4tzHEmeuyS4o4fS4CmT3jMt/WjsP/kR7TF4ygwr2GG47podK79ECpVCZHAgctCauCYjE2Ls3iphKXy/pHic2o6aaClt/xPm+fb4OfODv6XjrJhJzGK2lqUPXkyJN1w2zwh6OVpDQF9N8vTyxL4eitp35/M5zYbW7e6VVAgYUOxlNxgCV5+jXpUKh/rPovopTD392u8KavqQFW1iu+gBPSPq/xeZNz+qYMKbUl+r4VTzBQg3fPlRxp1lNZmM2yRgUbkYPNaFb9ihS7GAg5/wZn8lLmThvq39eA0Vlp6hDE92iop885umELt0/NBKf5umQCqqz9EXXLbmmGc7qoLqTaYVuOmqx0LsvrJL0wSL1dSySCjmB/dNAtVUYgg02eWQNKyaLqnpMdCbTLLQ/oCKuNkL5OQ7t1yl5wQGjQhieIRzLtrMgpTSyaHbqDsRurp9Bc5mM078IAg1hXquQNKlJC/wiJ9kbHerFCbtuLGy/7nXVrFH91ud4U4ExCJEuhoTdmuql5kbqYd6Ye/bu2CftPni19nDkSJ8w4NoqMNKbK3Mi/Cd0o113HsVYlETMv1vlJWZWYP91PK9trixiY4E0G81c6IKITjHDrOJ9evdw2T1/TrvY6pzre3UXSJbFMDQVX6JoAxFk02SRZDKOZdRojeoX19lgrFAAAABzjlz3Qg2as3vn7MRQVxDfZucgE</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
    <providers>
      <clear />
      <add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add useMachineProtection="true" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt"
        keyEntropy="" name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>
</configuration>

Inheritance Hierarchy

System.Object
   System.Configuration.Provider.ProviderBase
     System.Configuration.ProtectedConfigurationProvider
      System.Configuration.DpapiProtectedConfigurationProvider

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

Version Information

.NET Framework

Supported in: 2.0

Reference

DpapiProtectedConfigurationProvider Members
System.Configuration Namespace
RSAProtectedConfigurationProvider

Other Resources

Cryptographic Services
Specifying a Protected Configuration Provider

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

ADD