Home Library Learn Samples Downloads Support Community Forums
This topic has not yet been rated - Rate this topic

RsaProtectedConfigurationProvider Class

.NET Framework 4.5

Provides a ProtectedConfigurationProvider instance that uses RSA encryption to encrypt and decrypt configuration data.

Namespace:  System.Configuration
Assembly:  System.Configuration (in System.Configuration.dll)
C#
C++
F#
VB
Copy 
[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public sealed class RsaProtectedConfigurationProvider : ProtectedConfigurationProvider

The RsaProtectedConfigurationProvider type exposes the following members.

  NameDescription
Public methodRsaProtectedConfigurationProviderInitializes a new instance of the RsaProtectedConfigurationProvider class.
Top
  NameDescription
Public propertyCspProviderNameGets the name of the Windows cryptography API (crypto API) cryptographic service provider (CSP).
Public propertyDescriptionGets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs). (Inherited from ProviderBase.)
Public propertyKeyContainerNameGets the name of the key container.
Public propertyNameGets the friendly name used to refer to the provider during configuration. (Inherited from ProviderBase.)
Public propertyRsaPublicKeyGets the public key used by the provider.
Public propertyUseMachineContainerGets a value that indicates whether the RsaProtectedConfigurationProvider object is using the machine key container.
Public propertyUseOAEPGets a value that indicates whether the provider is using Optimal Asymmetric Encryption Padding (OAEP) key exchange data.
Top
  NameDescription
Public methodAddKeyAdds a key to the RSA key container.
Public methodDecryptDecrypts the XML node passed to it. (Overrides ProtectedConfigurationProvider.Decrypt(XmlNode).)
Public methodDeleteKeyRemoves a key from the RSA key container.
Public methodEncryptEncrypts the XML node passed to it. (Overrides ProtectedConfigurationProvider.Encrypt(XmlNode).)
Public methodEquals(Object)Determines whether the specified object is equal to the current object. (Inherited from Object.)
Public methodExportKeyExports an RSA key from the key container.
Public methodGetHashCodeServes as a hash function for a particular type. (Inherited from Object.)
Public methodGetTypeGets the Type of the current instance. (Inherited from Object.)
Public methodImportKeyImports an RSA key into the key container.
Public methodInitializeInitializes the provider with default settings. (Overrides ProviderBase.Initialize(String, NameValueCollection).)
Public methodToStringReturns a string that represents the current object. (Inherited from Object.)
Top

The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access. You use the built-in RsaProtectedConfigurationProvider instance by declaring the provider and making appropriate settings in the configuration file instead of creating an instance of this class, as shown in the example later in this topic.

The RsaProtectedConfigurationProvider object uses the cryptography functions provided by RSA class to encrypt and decrypt configuration sections.

NoteNote

Before ASP.NET can decrypt encrypted information in your configuration file, the identity of your ASP.NET application must have read access to the encryption key used to encrypt and decrypt the configuration data. For more information, see Walkthrough: Encrypting Configuration Information Using Protected Configuration.

The following code example shows how to use the standard RsaProtectedConfigurationProvider to protect or unprotect a configuration section.

C#
VB
Copy 
using System;
using System.Configuration;

public class UsingRsaProtectedConfigurationProvider
{

    // Protect the connectionStrings section. 
    private static void ProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Define the Rsa provider name. 
        string provider =
            "RsaProtectedConfigurationProvider";

        // Get the section to protect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (!connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Protect the section.
                    connStrings.SectionInformation.ProtectSection(provider);

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now protected by {1}",
                        connStrings.SectionInformation.Name,
                        connStrings.SectionInformation.ProtectionProvider.Name);

                }
                else
                    Console.WriteLine(
                         "Can't protect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already protected by {1}",
                    connStrings.SectionInformation.Name,
                    connStrings.SectionInformation.ProtectionProvider.Name);

        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);

    }


    // Unprotect the connectionStrings section. 
    private static void UnProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Get the section to unprotect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Unprotect the section.
                    connStrings.SectionInformation.UnprotectSection();

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now unprotected.",
                        connStrings.SectionInformation.Name);

                }
                else
                    Console.WriteLine(
                         "Can't unprotect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already unprotected.",
                    connStrings.SectionInformation.Name);

        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);

    }


    public static void Main(string[] args)
    {

        string selection = string.Empty;

        if (args.Length == 0)
        {
            Console.WriteLine(
                "Select protect or unprotect");
            return;
        }

        selection = args[0].ToLower();

        switch (selection)
        {
            case "protect":
                ProtectConfiguration();
                break;

            case "unprotect":
                UnProtectConfiguration();
                break;

            default:
                Console.WriteLine("Unknown selection");
                break;
        }

        Console.Read();

    }


}

The following example shows an excerpt from a configuration file after encryption.

Copy 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>

.NET Framework

Supported in: 4.5, 4, 3.5, 3.0, 2.0

.NET Framework Client Profile

Supported in: 4, 3.5 SP1

Windows 8, Windows Server 2012, Windows 7, Windows Vista SP2, Windows Server 2008 (Server Core Role not supported), Windows Server 2008 R2 (Server Core Role supported with SP1 or later; Itanium not supported)

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.