Edit

Share via


DpapiProtectedConfigurationProvider Class

Definition

Provides a ProtectedConfigurationProvider object that uses the Windows data protection API (DPAPI) to encrypt and decrypt configuration data.

public ref class DpapiProtectedConfigurationProvider sealed : System::Configuration::ProtectedConfigurationProvider
[System.Runtime.Versioning.SupportedOSPlatform("windows")]
public sealed class DpapiProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvider
public sealed class DpapiProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvider
[<System.Runtime.Versioning.SupportedOSPlatform("windows")>]
type DpapiProtectedConfigurationProvider = class
    inherit ProtectedConfigurationProvider
type DpapiProtectedConfigurationProvider = class
    inherit ProtectedConfigurationProvider
Public NotInheritable Class DpapiProtectedConfigurationProvider
Inherits ProtectedConfigurationProvider
Inheritance
DpapiProtectedConfigurationProvider
Attributes

Examples

The following example shows how to use the standard DpapiProtectedConfigurationProvider to protect or unprotect a configuration section.

The following configuration excerpts show the configuration section before and after the protection is applied.

Warning

Microsoft does not recommend providing your user name and password directly, because it's an insecure pattern. Where possible, use more secure authentication flows, such as Managed Identities for Azure resources, or Windows authentication for SQL Server.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <connectionStrings>
    <add name="NorthwindConnectionString"
      connectionString="Data Source=webnetue2;Initial Catalog=Northwind;User ID=aspnet_test;Password=test"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <connectionStrings>
    <EncryptedData>
      <CipherData>                <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAcAMh0jIC1kigyFfd9AUZfQQAAAACAAAAAAADZgAAqAAAABAAAADQwbQ2DgIgIlqskE1RI9UpAAAAAASAAACgAAAAEAAAAAXlYBxi3jhM6wv4sxLhugsQAgAAgoReHZS2406dc/AyRDd6WuNr4ihHn6fbipd4tzHEmeuyS4o4fS4CmT3jMt/WjsP/kR7TF4ygwr2GG47podK79ECpVCZHAgctCauCYjE2Ls3iphKXy/pHic2o6aaClt/xPm+fb4OfODv6XjrJhJzGK2lqUPXkyJN1w2zwh6OVpDQF9N8vTyxL4eitp35/M5zYbW7e6VVAgYUOxlNxgCV5+jXpUKh/rPovopTD392u8KavqQFW1iu+gBPSPq/xeZNz+qYMKbUl+r4VTzBQg3fPlRxp1lNZmM2yRgUbkYPNaFb9ihS7GAg5/wZn8lLmThvq39eA0Vlp6hDE92iop885umELt0/NBKf5umQCqqz9EXXLbmmGc7qoLqTaYVuOmqx0LsvrJL0wSL1dSySCjmB/dNAtVUYgg02eWQNKyaLqnpMdCbTLLQ/oCKuNkL5OQ7t1yl5wQGjQhieIRzLtrMgpTSyaHbqDsRurp9Bc5mM078IAg1hXquQNKlJC/wiJ9kbHerFCbtuLGy/7nXVrFH91ud4U4ExCJEuhoTdmuql5kbqYd6Ye/bu2CftPni19nDkSJ8w4NoqMNKbK3Mi/Cd0o113HsVYlETMv1vlJWZWYP91PK9trixiY4E0G81c6IKITjHDrOJ9evdw2T1/TrvY6pzre3UXSJbFMDQVX6JoAxFk02SRZDKOZdRojeoX19lgrFAAAABzjlz3Qg2as3vn7MRQVxDfZucgE</CipherValue>
      </CipherData>
    </EncryptedData>
  </connectionStrings>
  <configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
    <providers>
      <clear />
      <add keyContainerName="NetFrameworkConfigurationKey" cspProviderName=""
        useMachineContainer="true" useOAEP="false" description="Uses RsaCryptoServiceProvider to encrypt and decrypt"
        name="RsaProtectedConfigurationProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      <add useMachineProtection="true" description="Uses CryptProtectData and CryptUnProtectData Windows APIs to encrypt and decrypt"
        keyEntropy="" name="DataProtectionConfigurationProvider" type="System.Configuration.DpapiProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </providers>
  </configProtectedData>
</configuration>

Remarks

The DpapiProtectedConfigurationProvider allows you to protect sensitive information stored in a configuration file from unauthorized access.

You use the standard DpapiProtectedConfigurationProvider by declaring the provider and appropriate settings in the configuration file rather than creating an instance of this class. Refer to the next example.

For more information about Protected Configuration, see Encrypting Configuration Information Using Protected Configuration.

The DpapiProtectedConfigurationProvider uses the Windows built-in cryptographic services and can be configured for either machine-specific or user-account-specific protection. Machine-specific protection is useful for anonymous services but provides less security. User-account-specific protection can be used with services that run with a specific user identity.

Constructors

DpapiProtectedConfigurationProvider()

Initializes a new instance of the DpapiProtectedConfigurationProvider class using default settings.

Properties

Description

Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).

(Inherited from ProviderBase)
Name

Gets the friendly name used to refer to the provider during configuration.

(Inherited from ProviderBase)
UseMachineProtection

Gets a value that indicates whether the DpapiProtectedConfigurationProvider object is using machine-specific or user-account-specific protection.

Methods

Decrypt(XmlNode)

Decrypts the passed XmlNode object.

Encrypt(XmlNode)

Encrypts the passed XmlNode object.

Equals(Object)

Determines whether the specified object is equal to the current object.

(Inherited from Object)
GetHashCode()

Serves as the default hash function.

(Inherited from Object)
GetType()

Gets the Type of the current instance.

(Inherited from Object)
Initialize(String, NameValueCollection)

Initializes the provider with default settings.

MemberwiseClone()

Creates a shallow copy of the current Object.

(Inherited from Object)
ToString()

Returns a string that represents the current object.

(Inherited from Object)

Applies to

See also