Export (0) Print
Expand All

DataProtectionPermission Class

Note: This class is new in the .NET Framework version 2.0.

Controls the ability to access encrypted data and memory. This class cannot be inherited.

Namespace: System.Security.Permissions
Assembly: System.Security (in system.security.dll)

[SerializableAttribute] 
public sealed class DataProtectionPermission : CodeAccessPermission, IUnrestrictedPermission
/** @attribute SerializableAttribute() */ 
public final class DataProtectionPermission extends CodeAccessPermission implements IUnrestrictedPermission
SerializableAttribute 
public final class DataProtectionPermission extends CodeAccessPermission implements IUnrestrictedPermission

This permission is used to control the ability to encrypt data and memory using the ProtectedData and ProtectedMemory classes.

The following code example shows the use of members of the DataProtectionPermission class.

using System;
using System.Security.Permissions;
using System.Security.Cryptography;
using System.Security;
using System.IO;

[assembly: DataProtectionPermission(
    SecurityAction.RequestMinimum, 
    Flags = DataProtectionPermissionFlags.ProtectData)]
public class DataProtect
{
    // Create a byte array for additional entropy when using the
    // Protect and Unprotect methods.
    static byte[] s_aditionalEntropy = { 9, 8, 7, 6, 5 };

    private static byte[] encryptedSecret;
    private static byte[] originalData;
    public static void Main(string[] args)
    {
        Console.WriteLine("Creating a permission with the Flags property =" +
            " ProtectData.");
        DataProtectionPermission sp = new DataProtectionPermission(
            DataProtectionPermissionFlags.ProtectData);
        // Deny the permission to protect data.
        sp.Deny();
        // The following code results in an exception due to an attempt to
        // protect data.
        ProtectData();
        // Remove the Deny for ProtectData permission.
        CodeAccessPermission.RevertDeny();
        // The call to protect data will now succeed.
        ProtectData();
        DataProtectionPermission sp2 = new DataProtectionPermission(
            DataProtectionPermissionFlags.UnprotectData);
        sp2.Deny();
        // The following code results in an exception due to an attempt
        // to unprotect data.
        UnprotectData();
        // Remove the Deny for UnprotectData permission.
        CodeAccessPermission.RevertDeny();

        UnprotectData();
        // Demonstrate the attribute.
        TryProtectData();
        // Demonstrate the behavior of the class members.
        ShowMembers();

        Console.WriteLine("Press the Enter key to exit.");
        Console.ReadKey();
        return;
    }

    //Deny the permission the ability to add to a store.
    [DataProtectionPermission(
         SecurityAction.Deny, 
         Flags = DataProtectionPermissionFlags.ProtectData)]
    private static void TryProtectData()
    {
        try
        {
            ProtectData();
            return;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("A security exception thrown when attempting:" +
                ((DataProtectionPermission)e.DenySetInstance).Flags);
            return;
        }
    }

    // The following method is intended to demonstrate only the behavior of
    // DataProtectionPermission class members,and not their practical usage.
    // Most properties and methods in this class are used for the resolution
    // and enforcement of security policy by the security infrastructure code.
    private static void ShowMembers()
    {
        Console.WriteLine("Creating four DataProtectionPermissions");
        Console.WriteLine("Creating the first permission with the Flags " + 
            "property = ProtectData.");
        DataProtectionPermission sp1 = new DataProtectionPermission(
            DataProtectionPermissionFlags.ProtectData);

        Console.WriteLine("Creating the second permission with the Flags " + 
            "property = AllFlags.");

        DataProtectionPermission sp2 = new DataProtectionPermission(
            DataProtectionPermissionFlags.AllFlags);

        Console.WriteLine("Creating the third permission with a permission " +
            "state = Unrestricted.");
        DataProtectionPermission sp3 = new DataProtectionPermission(
            PermissionState.Unrestricted);
        Console.WriteLine("Creating the fourth permission with a permission" +
            " state = None.");

        DataProtectionPermission sp4 = new DataProtectionPermission(
            PermissionState.None);
        bool rc = sp2.IsSubsetOf(sp3);
        Console.WriteLine("Is the permission with all flags set (AllFlags) " +
            "a subset of \n \tthe permission with an Unrestricted " +
            "permission state? " + (rc ? "Yes" : "No"));
        rc = sp1.IsSubsetOf(sp2);
        Console.WriteLine("Is the permission with ProtectData access a " + 
            "subset of the permission with \n" + "\tAllFlags set? " + 
            (rc ? "Yes" : "No"));
        rc = sp3.IsUnrestricted();
        Console.WriteLine("Is the third permission unrestricted? " + 
            (rc ? "Yes" : "No"));
        Console.WriteLine("Copying the second permission to the fourth " +
            "permission.");
        sp4 = (DataProtectionPermission)sp2.Copy();
        rc = sp4.Equals(sp2);
        Console.WriteLine("Is the fourth permission equal to the second " +
            "permission? " + (rc ? "Yes" : "No"));
        Console.WriteLine("Creating the intersection of the second and " +
            "first permissions.");
        sp4 = (DataProtectionPermission)sp2.Intersect(sp1);
        Console.WriteLine("The value of the Flags property is: " + 
            sp4.Flags.ToString());
        Console.WriteLine("Creating the union of the second and first " +
            "permissions.");
        sp4 = (DataProtectionPermission)sp2.Union(sp1);
        Console.WriteLine("Result of the union of the second permission " +
            "with the first: " + sp4.Flags);
        Console.WriteLine("Using an XML round trip to reset the fourth " +
            "permission.");
        sp4.FromXml(sp2.ToXml());
        rc = sp4.Equals(sp2);
        Console.WriteLine("Does the XML round trip result equal the " +
            "original permission? " + (rc ? "Yes" : "No"));
    }

    // Create a simple byte array containing data to be encrypted.
    public static void ProtectData()
    {
        byte[] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };

        //Encrypt the data.
        encryptedSecret = Protect(secret);
        Console.WriteLine("The encrypted byte array is:");
        if (encryptedSecret != null)
            PrintValues(encryptedSecret);

    }

    // Decrypt the data and store in a byte array.
    public static void UnprotectData()
    {
        originalData = Unprotect(encryptedSecret);
        if (originalData != null)
        {
            Console.WriteLine("\r\nThe original data is:");
            PrintValues(originalData);
        }
    }

    // Encrypt data in the specified byte array.
    public static byte[] Protect(byte[] data)
    {
        try
        {
            // Encrypt the data using DataProtectionScope.CurrentUser.
            // The result can be decrypted only by the user who encrypted
            // the data.
            return ProtectedData.Protect(
                data, 
                s_aditionalEntropy, 
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not encrypted. " + 
                "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Insufficient permissions. " + 
                "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    // Decrypt data in the specified byte array.
    public static byte[] Unprotect(byte[] data)
    {
        try
        {
            //Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData.Unprotect(
                data, 
                s_aditionalEntropy, 
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Data was not decrypted. " + 
                "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
        catch (SecurityException e)
        {
            Console.WriteLine("Insufficient permissions. " + 
                "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    }

    public static void PrintValues(Byte[] myArr)
    {
        foreach (Byte i in myArr)
        {
            Console.Write("\t{0}", i);
        }
        Console.WriteLine();
    }


}


import System.*;
import System.Security.Permissions.*;
import System.Security.Cryptography.*;
import System.Security.*;
import System.IO.*;

/** @assembly DataProtectionPermission(SecurityAction.RequestMinimum, 
    Flags = DataProtectionPermissionFlags.ProtectData)
 */
public class DataProtect
{
    // Create a byte array for additional entropy when using the
    // Protect and Unprotect methods.
    private static ubyte s_aditionalEntropy[] =  { 9, 8, 7, 6, 5 };
    private static ubyte encryptedSecret[];
    private static ubyte originalData[];

    public static void main(String[] args)
    {
        Console.WriteLine("Creating a permission with the Flags property =" 
            + " ProtectData.");
        DataProtectionPermission sp = new DataProtectionPermission(
            DataProtectionPermissionFlags.ProtectData);

        // Deny the permission to protect data.
        sp.Deny();
        // The following code results in an exception due to an attempt to
        // protect data.
        ProtectData();
        // Remove the Deny for ProtectData permission.
        CodeAccessPermission.RevertDeny();
        // The call to protect data will now succeed.
        ProtectData();
        DataProtectionPermission sp2 = new DataProtectionPermission(
            DataProtectionPermissionFlags.UnprotectData);
        sp2.Deny();
        // The following code results in an exception due to an attempt
        // to unprotect data.
        UnprotectData();
        // Remove the Deny for UnprotectData permission.
        CodeAccessPermission.RevertDeny();

        UnprotectData();
        // Demonstrate the attribute.
        TryProtectData();
        // Demonstrate the behavior of the class members.
        ShowMembers();

        Console.WriteLine("Press the Enter key to exit.");
        Console.ReadKey();
        return;
    } //main

    //Deny the permission the ability to add to a store.
    /** @attribute DataProtectionPermission(SecurityAction.Deny, 
        Flags = DataProtectionPermissionFlags.ProtectData)
     */
    private static void TryProtectData()
    {
        try {
            ProtectData();
            return;
        }
        catch (System.Security.SecurityException e) {
            Console.WriteLine("A security exception thrown when attempting:" 
                + ((DataProtectionPermission)(e.get_DenySetInstance())).
                get_Flags());
            return;
        }
    } //TryProtectData

    // The following method is intended to demonstrate only the behavior of
    // DataProtectionPermission class members,and not their practical usage.
    // Most properties and methods in this class are used for the resolution
    // and enforcement of security policy by the security infrastructure code.
    private static void ShowMembers()
    {
        Console.WriteLine("Creating four DataProtectionPermissions");
        Console.WriteLine("Creating the first permission with the Flags " 
            + "property = ProtectData.");
        DataProtectionPermission sp1 = new DataProtectionPermission(
            DataProtectionPermissionFlags.ProtectData);

        Console.WriteLine("Creating the second permission with the Flags " 
            + "property = AllFlags.");

        DataProtectionPermission sp2 = new DataProtectionPermission(
            DataProtectionPermissionFlags.AllFlags);

        Console.WriteLine("Creating the third permission with a permission " 
            + "state = Unrestricted.");
        DataProtectionPermission sp3 = new DataProtectionPermission(
            PermissionState.Unrestricted);

        Console.WriteLine("Creating the fourth permission with a permission" 
            + " state = None.");

        DataProtectionPermission sp4 = new DataProtectionPermission(
            PermissionState.None);
        boolean rc = sp2.IsSubsetOf(sp3);
        Console.WriteLine("Is the permission with all flags set (AllFlags) " 
            + "a subset of \n \tthe permission with an Unrestricted " 
            + "permission state? " + ((rc) ? "Yes" : "No"));
        rc = sp1.IsSubsetOf(sp2);
        Console.WriteLine("Is the permission with ProtectData access a " 
            + "subset of the permission with \n" 
            + "\tAllFlags set? " + ((rc) ? "Yes" : "No"));

        rc = sp3.IsUnrestricted();
        Console.WriteLine("Is the third permission unrestricted? " 
            + ((rc) ? "Yes" : "No"));

        Console.WriteLine("Copying the second permission to the fourth " 
            + "permission.");
        sp4 = (DataProtectionPermission)(sp2.Copy());
        rc = sp4.Equals(sp2);
        Console.WriteLine("Is the fourth permission equal to the second " 
            + "permission? " 
            + ((rc) ? "Yes" : "No"));

        Console.WriteLine("Creating the intersection of the second and " 
            + "first permissions.");
        sp4 = (DataProtectionPermission)(sp2.Intersect(sp1));
        Console.WriteLine("The value of the Flags property is: " 
            + sp4.get_Flags().ToString());

        Console.WriteLine("Creating the union of the second and first " 
            + "permissions.");
        sp4 = (DataProtectionPermission)(sp2.Union(sp1));
        Console.WriteLine("Result of the union of the second permission " 
            + "with the first: " + sp4.get_Flags());

        Console.WriteLine("Using an XML round trip to reset the fourth " 
            + "permission.");
        sp4.FromXml(sp2.ToXml());
        rc = sp4.Equals(sp2);
        Console.WriteLine("Does the XML round trip result equal the " 
            + "original permission? " 
            + ((rc) ? "Yes" : "No"));
    } //ShowMembers

    // Create a simple byte array containing data to be encrypted.
    public static void ProtectData()
    {
        ubyte secret[] =  { 0, 1, 2, 3, 4, 1, 2, 3, 4 };
        //Encrypt the data.
        encryptedSecret = Protect(secret);
        Console.WriteLine("The encrypted byte array is:");
        if (encryptedSecret != null) {
            PrintValues(encryptedSecret);
        }
    } //ProtectData

    // Decrypt the data and store in a byte array.
    public static void UnprotectData()
    {
        originalData = Unprotect(encryptedSecret);
        if (originalData != null) {
            Console.WriteLine("\r\nThe original data is:");
            PrintValues(originalData);
        }
    } //UnprotectData

    // Encrypt data in the specified byte array.
    public static ubyte[] Protect(ubyte data[])
    {
        try {
            // Encrypt the data using DataProtectionScope.CurrentUser.
            // The result can be decrypted only by the user who encrypted
            // the data.
            return ProtectedData.Protect(data, s_aditionalEntropy,
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e) {
            Console.WriteLine("Data was not encrypted. " 
                + "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
        catch (System.Security.SecurityException e) {
            Console.WriteLine("Insufficient permissions. " 
                + "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    } //Protect

    // Decrypt data in the specified byte array.
    public static ubyte[] Unprotect(ubyte data[])
    {
        try {
            //Decrypt the data using DataProtectionScope.CurrentUser.
            return ProtectedData.Unprotect(data, s_aditionalEntropy,
                DataProtectionScope.CurrentUser);
        }
        catch (CryptographicException e) {
            Console.WriteLine("Data was not decrypted. " 
                + "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
        catch (System.Security.SecurityException e) {
            Console.WriteLine("Insufficient permissions. " 
                + "An error has occurred.");
            Console.WriteLine(e.ToString());
            return null;
        }
    } //Unprotect

    public static void PrintValues(ubyte myArr[])
    {
        for (int iCtr = 0; iCtr < myArr.get_Length(); iCtr++) {
            ubyte i = myArr[iCtr];
            Console.Write("\t{0}", System.Convert.ToString(i));
        }
        Console.WriteLine();
    } //PrintValues
} //DataProtect 

System.Object
   System.Security.CodeAccessPermission
    System.Security.Permissions.DataProtectionPermission

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0

Community Additions

ADD
Show:
© 2014 Microsoft