Using the data protection API (XAML)
The DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace provides a simplified way to encrypt and decrypt digital data. You can use the class to protect data to any of the following:
- You can use a SID to protect data to an Active Directory (AD) security principal like an AD group. Any member of the group can decrypt the data.
- You can protect data to the current user.
- You can protect data to the credentials (password) used during logon to a website.
To protect data, when you create a DataProtectionProvider object you must specify a protection descriptor before calling ProtectAsync or ProtectStreamAsync. The following example shows possible sample protection descriptors.
"SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812" "SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)" "LOCAL=user" "LOCAL=machine" "WEBCREDENTIALS=MyPasswordName" "WEBCREDENTIALS=MyPasswordName,myweb.com"
For examples, see the following topics: