RsaProtectedConfigurationProvider Class
TOC
Collapse the table of content
Expand the table of content

RsaProtectedConfigurationProvider Class

 

Provides a ProtectedConfigurationProvider instance that uses RSA encryption to encrypt and decrypt configuration data.

Namespace:   System.Configuration
Assembly:  System.Configuration (in System.Configuration.dll)

System.Object
  System.Configuration.Provider.ProviderBase
    System.Configuration.ProtectedConfigurationProvider
      System.Configuration.RsaProtectedConfigurationProvider

[PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
public sealed class RsaProtectedConfigurationProvider : ProtectedConfigurationProvider

NameDescription
System_CAPS_pubmethodRsaProtectedConfigurationProvider()

Initializes a new instance of the RsaProtectedConfigurationProvider class.

NameDescription
System_CAPS_pubpropertyCspProviderName

Gets the name of the Windows cryptography API (crypto API) cryptographic service provider (CSP).

System_CAPS_pubpropertyDescription

Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).(Inherited from ProviderBase.)

System_CAPS_pubpropertyKeyContainerName

Gets the name of the key container.

System_CAPS_pubpropertyName

Gets the friendly name used to refer to the provider during configuration.(Inherited from ProviderBase.)

System_CAPS_pubpropertyRsaPublicKey

Gets the public key used by the provider.

System_CAPS_pubpropertyUseFIPS

Gets a value indicating whether the provider uses FIPS.

System_CAPS_pubpropertyUseMachineContainer

Gets a value that indicates whether the RsaProtectedConfigurationProvider object is using the machine key container.

System_CAPS_pubpropertyUseOAEP

Gets a value that indicates whether the provider is using Optimal Asymmetric Encryption Padding (OAEP) key exchange data.

NameDescription
System_CAPS_pubmethodAddKey(Int32, Boolean)

Adds a key to the RSA key container.

System_CAPS_pubmethodDecrypt(XmlNode)

Decrypts the XML node passed to it.(Overrides ProtectedConfigurationProvider.Decrypt(XmlNode).)

System_CAPS_pubmethodDeleteKey()

Removes a key from the RSA key container.

System_CAPS_pubmethodEncrypt(XmlNode)

Encrypts the XML node passed to it.(Overrides ProtectedConfigurationProvider.Encrypt(XmlNode).)

System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_pubmethodExportKey(String, Boolean)

Exports an RSA key from the key container.

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodImportKey(String, Boolean)

Imports an RSA key into the key container.

System_CAPS_pubmethodInitialize(String, NameValueCollection)

Initializes the provider with default settings.(Overrides ProviderBase.Initialize(String, NameValueCollection).)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access. You use the built-in RsaProtectedConfigurationProvider instance by declaring the provider and making appropriate settings in the configuration file instead of creating an instance of this class, as shown in the example later in this topic.

The RsaProtectedConfigurationProvider object uses the cryptography functions provided by RSA class to encrypt and decrypt configuration sections.

System_CAPS_noteNote

Before ASP.NET can decrypt encrypted information in your configuration file, the identity of your ASP.NET application must have read access to the encryption key used to encrypt and decrypt the configuration data. For more information, see Walkthrough: Encrypting Configuration Information Using Protected Configuration.

The following code example shows how to use the standard RsaProtectedConfigurationProvider to protect or unprotect a configuration section.

using System;
using System.Configuration;

public class UsingRsaProtectedConfigurationProvider
{

    // Protect the connectionStrings section.
    private static void ProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Define the Rsa provider name.
        string provider =
            "RsaProtectedConfigurationProvider";

        // Get the section to protect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (!connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Protect the section.
                    connStrings.SectionInformation.ProtectSection(provider);

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now protected by {1}",
                        connStrings.SectionInformation.Name,
                        connStrings.SectionInformation.ProtectionProvider.Name);

                }
                else
                    Console.WriteLine(
                         "Can't protect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already protected by {1}",
                    connStrings.SectionInformation.Name,
                    connStrings.SectionInformation.ProtectionProvider.Name);

        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);

    }


    // Unprotect the connectionStrings section.
    private static void UnProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Get the section to unprotect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Unprotect the section.
                    connStrings.SectionInformation.UnprotectSection();

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now unprotected.",
                        connStrings.SectionInformation.Name);

                }
                else
                    Console.WriteLine(
                         "Can't unprotect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already unprotected.",
                    connStrings.SectionInformation.Name);

        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);

    }


    public static void Main(string[] args)
    {

        string selection = string.Empty;

        if (args.Length == 0)
        {
            Console.WriteLine(
                "Select protect or unprotect");
            return;
        }

        selection = args[0].ToLower();

        switch (selection)
        {
            case "protect":
                ProtectConfiguration();
                break;

            case "unprotect":
                UnProtectConfiguration();
                break;

            default:
                Console.WriteLine("Unknown selection");
                break;
        }

        Console.Read();

    }


}

The following example shows an excerpt from a configuration file after encryption.

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
        xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>

SecurityPermission

for full access to the resource protected by the permission. Demand.

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show:
© 2016 Microsoft