DpapiProtectedConfigurationProvider Class

 

Provides a ProtectedConfigurationProvider object that uses the Windows data protection API (DPAPI) to encrypt and decrypt configuration data.

Namespace:   System.Configuration
Assembly:  System.Configuration (in System.Configuration.dll)

System.Object
  System.Configuration.Provider.ProviderBase
    System.Configuration.ProtectedConfigurationProvider
      System.Configuration.DpapiProtectedConfigurationProvider

[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public sealed class DpapiProtectedConfigurationProvider : ProtectedConfigurationProvider

NameDescription
System_CAPS_pubmethodDpapiProtectedConfigurationProvider()

Initializes a new instance of the DpapiProtectedConfigurationProvider class using default settings.

NameDescription
System_CAPS_pubpropertyDescription

Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).(Inherited from ProviderBase.)

System_CAPS_pubpropertyName

Gets the friendly name used to refer to the provider during configuration.(Inherited from ProviderBase.)

System_CAPS_pubpropertyUseMachineProtection

Gets a value that indicates whether the DpapiProtectedConfigurationProvider object is using machine-specific or user-account-specific protection.

NameDescription
System_CAPS_pubmethodDecrypt(XmlNode)

Decrypts the passed XmlNode object.(Overrides ProtectedConfigurationProvider.Decrypt(XmlNode).)

System_CAPS_pubmethodEncrypt(XmlNode)

Encrypts the passed XmlNode object.(Overrides ProtectedConfigurationProvider.Encrypt(XmlNode).)

System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodInitialize(String, NameValueCollection)

Initializes the provider with default settings.(Overrides ProviderBase.Initialize(String, NameValueCollection).)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

The DpapiProtectedConfigurationProvider allows you to protect sensitive information stored in a configuration file from unauthorized access.

You use the standard DpapiProtectedConfigurationProvider by declaring the provider and appropriate settings in the configuration file rather than creating an instance of this class. Refer to the next example.

For more information about Protected Configuration, see Encrypting Configuration Information Using Protected Configuration.

The DpapiProtectedConfigurationProvider uses the Windows built-in cryptographic services and can be configured for either machine-specific or user-account-specific protection. Machine-specific protection is useful for anonymous services but provides less security. User-account-specific protection can be used with services that run with a specific user identity.

The following example shows how to use the standard DpapiProtectedConfigurationProvider to protect or unprotect a configuration section.

The following configuration excerpts show the configuration section before and after the protection has been applied.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="NorthwindConnectionString" 
      connectionString="Data Source=webnetue2;Initial Catalog=Northwind;User ID=aspnet_test;Password=test"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <EncryptedData>
      <CipherData>                <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcAMh0jIC1kigyFfd9AUZfQQAAAACAAAAAAADZgAAqAAAABAAAADQwbQ2DgIgIlqskE1RI9UpAAAAAASAAACgAAAAEAAAAAXlYBxi3jhM6wv4sxLhugsQAgAAgoReHZS2406dc/AyRDd6WuNr4ihHn6fbipd4tzHEmeuyS4o4fS4CmT3jMt/WjsP/kR7TF4ygwr2GG47podK79ECpVCZHAgctCauCYjE2Ls3iphKXy/pHic2o6aaClt/xPm+fb4OfODv6XjrJhJzGK2lqUPXkyJN1w2zwh6OVpDQF9N8vTyxL4eitp35/M5zYbW7e6VVAgYUOxlNxgCV5+jXpUKh/rPovopTD392u8KavqQFW1iu+gBPSPq/xeZNz+qYMKbUl+r4VTzBQg3fPlRxp1lNZmM2yRgUbkYPNaFb9ihS7GAg5/wZn8lLmThvq39eA0Vlp6hDE92iop885umELt0/NBKf5umQCqqz9EXXLbmmGc7qoLqTaYVuOmqx0LsvrJL0wSL1dSySCjmB/dNAtVUYgg02eWQNKyaLqnpMdCbTLLQ/oCKuNkL5OQ7t1yl5wQGjQhieIRzLtrMgpTSyaHbqDsRurp9Bc5mM078IAg1hXquQNKlJC/wiJ9kbHerFCbtuLGy/7nXVrFH91ud4U4ExCJEuhoTdmuql5kbqYd6Ye/bu2CftPni19nDkSJ8w4NoqMNKbK3Mi/Cd0o113HsVYlETMv1vlJWZWYP91PK9trixiY4E0G81c6IKITjHDrOJ9evdw2T1/TrvY6pzre3UXSJbFMDQVX6JoAxFk02SRZDKOZdRojeoX19lgrFAAAABzjlz3Qg2as3vn7MRQVxDfZucgE</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
    <providers>
      <clear />
      <add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add useMachineProtection="true" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt"
        keyEntropy="" name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>
</configuration>

NamedPermissionSet

for full access to system resources. Demand value: DemandFullTrust

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: