DpapiProtectedConfigurationProvider Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Provides a ProtectedConfigurationProvider object that uses the Windows data protection API (DPAPI) to encrypt and decrypt configuration data.
public ref class DpapiProtectedConfigurationProvider sealed : System::Configuration::ProtectedConfigurationProvider[System.Runtime.Versioning.SupportedOSPlatform("windows")]
public sealed class DpapiProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProviderpublic sealed class DpapiProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvider[<System.Runtime.Versioning.SupportedOSPlatform("windows")>]
type DpapiProtectedConfigurationProvider = class
inherit ProtectedConfigurationProvidertype DpapiProtectedConfigurationProvider = class
inherit ProtectedConfigurationProviderPublic NotInheritable Class DpapiProtectedConfigurationProvider
Inherits ProtectedConfigurationProvider- Inheritance
- Attributes
Examples
The following example shows how to use the standard DpapiProtectedConfigurationProvider to protect or unprotect a configuration section.
The following configuration excerpts show the configuration section before and after the protection is applied.
Warning
Microsoft does not recommend providing your user name and password directly, because it's an insecure pattern. Where possible, use more secure authentication flows, such as Managed Identities for Azure resources, or Windows authentication for SQL Server.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="NorthwindConnectionString"
connectionString="Data Source=webnetue2;Initial Catalog=Northwind;User ID=aspnet_test;Password=test"
providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<EncryptedData>
<CipherData> <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcAMh0jIC1kigyFfd9AUZfQQAAAACAAAAAAADZgAAqAAAABAAAADQwbQ2DgIgIlqskE1RI9UpAAAAAASAAACgAAAAEAAAAAXlYBxi3jhM6wv4sxLhugsQAgAAgoReHZS2406dc/AyRDd6WuNr4ihHn6fbipd4tzHEmeuyS4o4fS4CmT3jMt/WjsP/kR7TF4ygwr2GG47podK79ECpVCZHAgctCauCYjE2Ls3iphKXy/pHic2o6aaClt/xPm+fb4OfODv6XjrJhJzGK2lqUPXkyJN1w2zwh6OVpDQF9N8vTyxL4eitp35/M5zYbW7e6VVAgYUOxlNxgCV5+jXpUKh/rPovopTD392u8KavqQFW1iu+gBPSPq/xeZNz+qYMKbUl+r4VTzBQg3fPlRxp1lNZmM2yRgUbkYPNaFb9ihS7GAg5/wZn8lLmThvq39eA0Vlp6hDE92iop885umELt0/NBKf5umQCqqz9EXXLbmmGc7qoLqTaYVuOmqx0LsvrJL0wSL1dSySCjmB/dNAtVUYgg02eWQNKyaLqnpMdCbTLLQ/oCKuNkL5OQ7t1yl5wQGjQhieIRzLtrMgpTSyaHbqDsRurp9Bc5mM078IAg1hXquQNKlJC/wiJ9kbHerFCbtuLGy/7nXVrFH91ud4U4ExCJEuhoTdmuql5kbqYd6Ye/bu2CftPni19nDkSJ8w4NoqMNKbK3Mi/Cd0o113HsVYlETMv1vlJWZWYP91PK9trixiY4E0G81c6IKITjHDrOJ9evdw2T1/TrvY6pzre3UXSJbFMDQVX6JoAxFk02SRZDKOZdRojeoX19lgrFAAAABzjlz3Qg2as3vn7MRQVxDfZucgE</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
<providers>
<clear />
<add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
useMachineContainer="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<add useMachineProtection="true" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt"
keyEntropy="" name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
</configuration>
Remarks
The DpapiProtectedConfigurationProvider allows you to protect sensitive information stored in a configuration file from unauthorized access.
You use the standard DpapiProtectedConfigurationProvider by declaring the provider and appropriate settings in the configuration file rather than creating an instance of this class. Refer to the next example.
For more information about Protected Configuration, see Encrypting Configuration Information Using Protected Configuration.
The DpapiProtectedConfigurationProvider uses the Windows built-in cryptographic services and can be configured for either machine-specific or user-account-specific protection. Machine-specific protection is useful for anonymous services but provides less security. User-account-specific protection can be used with services that run with a specific user identity.
Constructors
| DpapiProtectedConfigurationProvider() |
Initializes a new instance of the DpapiProtectedConfigurationProvider class using default settings. |
Properties
| Description |
Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs). (Inherited from ProviderBase) |
| Name |
Gets the friendly name used to refer to the provider during configuration. (Inherited from ProviderBase) |
| UseMachineProtection |
Gets a value that indicates whether the DpapiProtectedConfigurationProvider object is using machine-specific or user-account-specific protection. |
Methods
| Decrypt(XmlNode) |
Decrypts the passed XmlNode object. |
| Encrypt(XmlNode) |
Encrypts the passed XmlNode object. |
| Equals(Object) |
Determines whether the specified object is equal to the current object. (Inherited from Object) |
| GetHashCode() |
Serves as the default hash function. (Inherited from Object) |
| GetType() |
Gets the Type of the current instance. (Inherited from Object) |
| Initialize(String, NameValueCollection) |
Initializes the provider with default settings. |
| MemberwiseClone() |
Creates a shallow copy of the current Object. (Inherited from Object) |
| ToString() |
Returns a string that represents the current object. (Inherited from Object) |
