RsaProtectedConfigurationProvider Class
Assembly: System.Configuration (in system.configuration.dll)
'Declaration Public NotInheritable Class RsaProtectedConfigurationProvider Inherits ProtectedConfigurationProvider 'Usage Dim instance As RsaProtectedConfigurationProvider
public final class RsaProtectedConfigurationProvider extends ProtectedConfigurationProvider
public final class RsaProtectedConfigurationProvider extends ProtectedConfigurationProvider
Not applicable.
The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access. You use the built-in RsaProtectedConfigurationProvider instance by declaring the provider and making appropriate settings in the configuration file instead of creating an instance of this class, as shown in the example later in this topic.
The RsaProtectedConfigurationProvider object uses the cryptography functions provided by RSA class to encrypt and decrypt configuration sections.
Note: |
|---|
| Before ASP.NET can decrypt encrypted information in your configuration file, the identity of your ASP.NET application must have read access to the encryption key used to encrypt and decrypt the configuration data. For more information, see Walkthrough: Encrypting Configuration Information Using Protected Configuration. |
The following code example shows how to use the standard RsaProtectedConfigurationProvider to protect or unprotect a configuration section.
Imports System Imports System.Configuration Public Class UsingRsaProtectedConfigurationProvider ' Protect the connectionStrings section. Private Shared Sub ProtectConfiguration() ' Get the application configuration file. Dim config As System.Configuration.Configuration = _ ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) ' Define the Rsa provider name. Dim provider As String = _ "RsaProtectedConfigurationProvider" ' Get the section to protect. Dim connStrings As ConfigurationSection = _ config.ConnectionStrings If Not (connStrings Is Nothing) Then If Not connStrings.SectionInformation.IsProtected Then If Not connStrings.ElementInformation.IsLocked Then ' Protect the section. connStrings.SectionInformation.ProtectSection(provider) connStrings.SectionInformation.ForceSave = True config.Save(ConfigurationSaveMode.Full) Console.WriteLine( _ "Section {0} is now protected by {1}", _ connStrings.SectionInformation.Name, _ connStrings.SectionInformation.ProtectionProvider.Name) Else Console.WriteLine( _ "Can't protect, section {0} is locked", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Section {0} is already protected by {1}", _ connStrings.SectionInformation.Name, _ connStrings.SectionInformation.ProtectionProvider.Name) End If Else Console.WriteLine( _ "Can't get the section {0}", _ connStrings.SectionInformation.Name) End If End Sub 'ProtectConfiguration ' Unprotect the connectionStrings section. Private Shared Sub UnProtectConfiguration() ' Get the application configuration file. Dim config As System.Configuration.Configuration = _ ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) ' Get the section to unprotect. Dim connStrings As ConfigurationSection = _ config.ConnectionStrings If Not (connStrings Is Nothing) Then If connStrings.SectionInformation.IsProtected Then If Not connStrings.ElementInformation.IsLocked Then ' Unprotect the section. connStrings.SectionInformation.UnprotectSection() connStrings.SectionInformation.ForceSave = True config.Save(ConfigurationSaveMode.Full) Console.WriteLine( _ "Section {0} is now unprotected.", _ connStrings.SectionInformation.Name) Else Console.WriteLine( _ "Can't unprotect, section {0} is locked", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Section {0} is already unprotected.", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Can't get the section {0}", _ connStrings.SectionInformation.Name) End If End Sub 'UnProtectConfiguration Public Shared Sub Main(ByVal args() As String) Dim selection As String = String.Empty If args.Length = 0 Then Console.WriteLine( _ "Select protect or unprotect") Return End If selection = args(0).ToLower() Select Case selection Case "protect" ProtectConfiguration() Case "unprotect" UnProtectConfiguration() Case Else Console.WriteLine( _ "Unknown selection") End Select Console.Read() End Sub 'Main End Class 'UsingRsaProtectedConfigurationProvider
The following example shows an excerpt from a configuration file after encryption.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
- SecurityPermission for full access to the resource protected by the permission. Demand.
System.Configuration.Provider.ProviderBase
System.Configuration.ProtectedConfigurationProvider
System.Configuration.RsaProtectedConfigurationProvider
Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.Reference
RsaProtectedConfigurationProvider MembersSystem.Configuration Namespace
ProtectedConfigurationProvider
DpapiProtectedConfigurationProvider
RSA
Other Resources
Cryptographic ServicesWalkthrough: Encrypting Configuration Information Using Protected Configuration
Walkthrough: Creating and Exporting an RSA Key Container
Specifying a Protected Configuration Provider
Note: