- Reference
Definition
- Namespace:
- System.Configuration
- Assembly:
- System.Configuration.ConfigurationManager.dll
- Assembly:
- System.Configuration.dll
- Package:
- System.Configuration.ConfigurationManager v8.0.0
- Package:
- System.Configuration.ConfigurationManager v9.0.0-preview.7.24405.7
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides a ProtectedConfigurationProvider instance that uses RSA encryption to encrypt and decrypt configuration data.
public ref class RsaProtectedConfigurationProvider sealed : System::Configuration::ProtectedConfigurationProvider
public sealed class RsaProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvider
type RsaProtectedConfigurationProvider = class inherit ProtectedConfigurationProvider
Public NotInheritable Class RsaProtectedConfigurationProviderInherits ProtectedConfigurationProvider
- Inheritance
Object
ProviderBase
ProtectedConfigurationProvider
RsaProtectedConfigurationProvider
Examples
The following example shows how to use the standard RsaProtectedConfigurationProvider to protect or unprotect a configuration section.
using System;using System.Configuration;public class UsingRsaProtectedConfigurationProvider{ // Protect the connectionStrings section. private static void ProtectConfiguration() { // Get the application configuration file. System.Configuration.Configuration config = ConfigurationManager.OpenExeConfiguration( ConfigurationUserLevel.None); // Define the Rsa provider name. string provider = "RsaProtectedConfigurationProvider"; // Get the section to protect. ConfigurationSection connStrings = config.ConnectionStrings; if (connStrings != null) { if (!connStrings.SectionInformation.IsProtected) { if (!connStrings.ElementInformation.IsLocked) { // Protect the section. connStrings.SectionInformation.ProtectSection(provider); connStrings.SectionInformation.ForceSave = true; config.Save(ConfigurationSaveMode.Full); Console.WriteLine("Section {0} is now protected by {1}", connStrings.SectionInformation.Name, connStrings.SectionInformation.ProtectionProvider.Name); } else Console.WriteLine( "Can't protect, section {0} is locked", connStrings.SectionInformation.Name); } else Console.WriteLine( "Section {0} is already protected by {1}", connStrings.SectionInformation.Name, connStrings.SectionInformation.ProtectionProvider.Name); } else Console.WriteLine("Can't get the section {0}", connStrings.SectionInformation.Name); } // Unprotect the connectionStrings section. private static void UnProtectConfiguration() { // Get the application configuration file. System.Configuration.Configuration config = ConfigurationManager.OpenExeConfiguration( ConfigurationUserLevel.None); // Get the section to unprotect. ConfigurationSection connStrings = config.ConnectionStrings; if (connStrings != null) { if (connStrings.SectionInformation.IsProtected) { if (!connStrings.ElementInformation.IsLocked) { // Unprotect the section. connStrings.SectionInformation.UnprotectSection(); connStrings.SectionInformation.ForceSave = true; config.Save(ConfigurationSaveMode.Full); Console.WriteLine("Section {0} is now unprotected.", connStrings.SectionInformation.Name); } else Console.WriteLine( "Can't unprotect, section {0} is locked", connStrings.SectionInformation.Name); } else Console.WriteLine( "Section {0} is already unprotected.", connStrings.SectionInformation.Name); } else Console.WriteLine("Can't get the section {0}", connStrings.SectionInformation.Name); } public static void Main(string[] args) { string selection = string.Empty; if (args.Length == 0) { Console.WriteLine( "Select protect or unprotect"); return; } selection = args[0].ToLower(); switch (selection) { case "protect": ProtectConfiguration(); break; case "unprotect": UnProtectConfiguration(); break; default: Console.WriteLine("Unknown selection"); break; } Console.Read(); }}
Imports System.ConfigurationPublic Class UsingRsaProtectedConfigurationProvider ' Protect the connectionStrings section. Private Shared Sub ProtectConfiguration() ' Get the application configuration file. Dim config As System.Configuration.Configuration = _ ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) ' Define the Rsa provider name. Dim provider As String = _ "RsaProtectedConfigurationProvider" ' Get the section to protect. Dim connStrings As ConfigurationSection = _ config.ConnectionStrings If Not (connStrings Is Nothing) Then If Not connStrings.SectionInformation.IsProtected Then If Not connStrings.ElementInformation.IsLocked Then ' Protect the section. connStrings.SectionInformation.ProtectSection(provider) connStrings.SectionInformation.ForceSave = True config.Save(ConfigurationSaveMode.Full) Console.WriteLine( _ "Section {0} is now protected by {1}", _ connStrings.SectionInformation.Name, _ connStrings.SectionInformation.ProtectionProvider.Name) Else Console.WriteLine( _ "Can't protect, section {0} is locked", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Section {0} is already protected by {1}", _ connStrings.SectionInformation.Name, _ connStrings.SectionInformation.ProtectionProvider.Name) End If Else Console.WriteLine( _ "Can't get the section {0}", _ connStrings.SectionInformation.Name) End If End Sub ' Unprotect the connectionStrings section. Private Shared Sub UnProtectConfiguration() ' Get the application configuration file. Dim config As System.Configuration.Configuration = _ ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) ' Get the section to unprotect. Dim connStrings As ConfigurationSection = _ config.ConnectionStrings If Not (connStrings Is Nothing) Then If connStrings.SectionInformation.IsProtected Then If Not connStrings.ElementInformation.IsLocked Then ' Unprotect the section. connStrings.SectionInformation.UnprotectSection() connStrings.SectionInformation.ForceSave = True config.Save(ConfigurationSaveMode.Full) Console.WriteLine( _ "Section {0} is now unprotected.", _ connStrings.SectionInformation.Name) Else Console.WriteLine( _ "Can't unprotect, section {0} is locked", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Section {0} is already unprotected.", _ connStrings.SectionInformation.Name) End If Else Console.WriteLine( _ "Can't get the section {0}", _ connStrings.SectionInformation.Name) End If End Sub Public Shared Sub Main(ByVal args() As String) Dim selection As String = String.Empty If args.Length = 0 Then Console.WriteLine( _ "Select protect or unprotect") Return End If selection = args(0).ToLower() Select Case selection Case "protect" ProtectConfiguration() Case "unprotect" UnProtectConfiguration() Case Else Console.WriteLine( _ "Unknown selection") End Select Console.Read() End SubEnd Class
The following example shows an excerpt from a configuration file after encryption.
<?xml version="1.0" encoding="utf-8"?><configuration> <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider"> <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>Rsa Key</KeyName> </KeyInfo> <CipherData> <CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> <CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue> </CipherData> </EncryptedData> </connectionStrings></configuration>
Remarks
The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access. You use the built-in RsaProtectedConfigurationProvider instance by declaring the provider and making appropriate settings in the configuration file instead of creating an instance of this class, as shown in the Examples section.
The RsaProtectedConfigurationProvider object uses the cryptography functions provided by RSA class to encrypt and decrypt configuration sections.
Note
Before ASP.NET can decrypt encrypted information in your configuration file, the identity of your ASP.NET application must have read access to the encryption key used to encrypt and decrypt the configuration data. For more information, see Walkthrough: Encrypting Configuration Information Using Protected Configuration.
Note
On .NET Core and .NET 5+, the RsaProtectedConfigurationProvider type is not supported. All APIs throw a PlatformNotSupportedException at run time.
Constructors
RsaProtectedConfigurationProvider() | Initializes a new instance of the RsaProtectedConfigurationProvider class. |
Properties
CspProviderName | Gets the name of the Windows cryptography API (crypto API) cryptographic service provider (CSP). |
Description | Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs). (Inherited from ProviderBase) |
KeyContainerName | Gets the name of the key container. |
Name | Gets the friendly name used to refer to the provider during configuration. (Inherited from ProviderBase) |
RsaPublicKey | Gets the public key used by the provider. |
UseFIPS | Gets a value indicating whether the provider uses FIPS. |
UseMachineContainer | Gets a value that indicates whether the RsaProtectedConfigurationProvider object is using the machine key container. |
UseOAEP | Gets a value that indicates whether the provider is using Optimal Asymmetric Encryption Padding (OAEP) key exchange data. |
Methods
AddKey(Int32, Boolean) | Adds a key to the RSA key container. |
Decrypt(XmlNode) | Decrypts the XML node passed to it. |
DeleteKey() | Removes a key from the RSA key container. |
Encrypt(XmlNode) | Encrypts the XML node passed to it. |
Equals(Object) | Determines whether the specified object is equal to the current object. (Inherited from Object) |
ExportKey(String, Boolean) | Exports an RSA key from the key container. |
GetHashCode() | Serves as the default hash function. (Inherited from Object) |
GetType() | Gets the Type of the current instance. (Inherited from Object) |
ImportKey(String, Boolean) | Imports an RSA key into the key container. |
Initialize(String, NameValueCollection) | Initializes the provider with default settings. |
Initialize(String, NameValueCollection) | Initializes the configuration builder. (Inherited from ProviderBase) |
MemberwiseClone() | Creates a shallow copy of the current Object. (Inherited from Object) |
ToString() | Returns a string that represents the current object. (Inherited from Object) |
Applies to
See also
- ProtectedConfigurationProvider
- DpapiProtectedConfigurationProvider
- RSA
- Cryptographic Services
- Walkthrough: Encrypting Configuration Information using Protected Configuration
- Walkthrough: Creating and Exporting an RSA Key Container
- Specifying a Protected Configuration Provider