Share via


Using the data protection API (XAML)

The DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace provides a simplified way to encrypt and decrypt digital data. You can use the class to protect data to any of the following:

  • You can use a SID to protect data to an Active Directory (AD) security principal like an AD group. Any member of the group can decrypt the data.
  • You can protect data to the current user.
  • You can protect data to the credentials (password) used during logon to a website.

To protect data, when you create a DataProtectionProvider object you must specify a protection descriptor before calling ProtectAsync or ProtectStreamAsync. The following example shows possible sample protection descriptors.

    "SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"
    "SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"
    "LOCAL=user"
    "LOCAL=machine"
    "WEBCREDENTIALS=MyPasswordName"
    "WEBCREDENTIALS=MyPasswordName,myweb.com"

For examples, see the following topics:

Encrypting data and working with certificates