Bagikan melalui


DataProtector Kelas

Definisi

Menyediakan kelas dasar untuk pelindung data.

public ref class DataProtector abstract
public abstract class DataProtector
type DataProtector = class
Public MustInherit Class DataProtector
Warisan
DataProtector
Turunan

Contoh

Contoh berikut menunjukkan cara membuat pelindung data yang menggunakan kelas perlindungan dengan opsi untuk entropi tambahan. Secara default, DataProtector kelas menambahkan hash properti tujuan ke data yang akan dienkripsi. Anda dapat menonaktifkan fungsionalitas tersebut dan menggunakan tujuan hash sebagai entropi tambahan saat memanggil pelindung data dengan opsi entropi tambahan.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MyDataProtector : DataProtector
    {
        public DataProtectionScope Scope { get; set; }
        // This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
        // The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash
        // as OptionalEntropy there is no need to prepend it.
        protected override bool PrependHashedPurposeToPlaintext
        {
            get
            {
                return false;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Protect(userData, GetHashedPurpose(), Scope);
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission
        // in the constructor, but Assert the permission when ProviderUnProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {
            // Delegate to ProtectedData
            return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope);
        }
        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined, so always return true;
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission
        // in the ProviderProtect/ProviderUnprotect methods.
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MyDataProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}
Imports System.Security
Imports System.Security.Cryptography
Imports System.Security.Permissions



Public NotInheritable Class MyDataProtector
    Inherits DataProtector

    Public Property Scope() As DataProtectionScope
        Get
            Return Scope
        End Get
        Set(value As DataProtectionScope)
        End Set
    End Property ' This implementation gets the HashedPurpose from the base class and passes it as OptionalEntropy to ProtectedData.
    ' The default for DataProtector is to prepend the hash to the plain text, but because we are using the hash 
    ' as OptionalEntropy there is no need to prepend it.

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            Return False
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Protect(userData, GetHashedPurpose(), Scope)

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()
        ' Delegate to ProtectedData
        Return ProtectedData.Unprotect(encryptedData, GetHashedPurpose(), Scope)

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined, so always return true;
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class

Contoh berikut menunjukkan pelindung data sederhana yang menggunakan PrependHashedPurposeToPlaintext fungsionalitas DataProtector kelas.

using System;
using System.Security.Permissions;

namespace System.Security.Cryptography
{
    public sealed class MemoryProtector : DataProtector
    {
        public MemoryProtectionScope Scope { get; set; }
        protected override bool PrependHashedPurposeToPlaintext
        {
            get
            {
                // Signal the DataProtector to prepend the hash of the purpose to the data.
                return true;
            }
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission
        // in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, ProtectData = true)]
        protected override byte[] ProviderProtect(byte[] userData)
        {

            // Delegate to ProtectedData
            ProtectedMemory.Protect(userData, Scope);
            return userData;
        }
        // To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission
        // in the constructor, but Assert the permission when ProviderUnprotect is called..  This is similar to FileStream
        // where access is checked at time of creation, not time of use.
        [SecuritySafeCritical]
        [DataProtectionPermission(SecurityAction.Assert, UnprotectData = true)]
        protected override byte[] ProviderUnprotect(byte[] encryptedData)
        {

            ProtectedMemory.Unprotect(encryptedData,Scope);
                return encryptedData;
        }

        public override bool IsReprotectRequired(byte[] encryptedData)
        {
            // For now, this cannot be determined so always return true.
            return true;
        }
        // Public constructor
        // The Demand for DataProtectionPermission is in the constructor because we Assert this permission
        // in the ProviderProtect/ProviderUnprotect methods.
        [DataProtectionPermission(SecurityAction.Demand, Unrestricted = true)]
        [SecuritySafeCritical]
        public MemoryProtector(string appName, string primaryPurpose, params string[] specificPurpose)
            : base(appName, primaryPurpose, specificPurpose)
        {
        }
    }
}
Imports System.Security
Imports System.Security.Permissions
Imports System.Security.Cryptography



Public NotInheritable Class MemoryProtector
    Inherits DataProtector

    Public Property Scope() As MemoryProtectionScope
        Get
            Return Scope
        End Get
        Set(value As MemoryProtectionScope)
        End Set
    End Property

    Protected Overrides ReadOnly Property PrependHashedPurposeToPlaintext() As Boolean
        Get
            ' Signal the DataProtector to prepend the hash of the purpose to the data.
            Return True
        End Get
    End Property

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderProtect is called.  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, ProtectData:=True)> _
    Protected Overrides Function ProviderProtect(ByVal userData() As Byte) As Byte()

        ' Delegate to ProtectedData
        ProtectedMemory.Protect(userData, Scope)
        Return userData

    End Function 'ProviderProtect

    ' To allow a service to hand out instances of a DataProtector we demand unrestricted DataProtectionPermission 
    ' in the constructor, but Assert the permission when ProviderUnprotect is called..  This is similar to FileStream
    ' where access is checked at time of creation, not time of use.
    <SecuritySafeCritical(), DataProtectionPermission(SecurityAction.Assert, UnprotectData:=True)> _
    Protected Overrides Function ProviderUnprotect(ByVal encryptedData() As Byte) As Byte()

        ProtectedMemory.Unprotect(encryptedData, Scope)
        Return encryptedData

    End Function 'ProviderUnprotect

    Public Overrides Function IsReprotectRequired(ByVal encryptedData() As Byte) As Boolean
        ' For now, this cannot be determined so always return true.
        Return True

    End Function 'IsReprotectRequired

    ' Public constructor
    ' The Demand for DataProtectionPermission is in the constructor because we Assert this permission 
    ' in the ProviderProtect/ProviderUnprotect methods. 
    <DataProtectionPermission(SecurityAction.Demand, Unrestricted:=True), SecuritySafeCritical()> _
    Public Sub New(ByVal appName As String, ByVal primaryPurpose As String, ParamArray specificPurpose() As String)
        MyBase.New(appName, primaryPurpose, specificPurpose)

    End Sub
End Class

Keterangan

Kelas ini melindungi data yang disimpan dari melihat dan mengubah. Akses ke data yang dilindungi diperoleh dengan membuat instans kelas ini dan menggunakan string tujuan yang tepat yang digunakan untuk melindungi data. Pemanggil tidak memerlukan kunci untuk melindungi atau membuka proteksi data. Kunci disediakan oleh algoritma enkripsi.

Kelas turunan harus mengambil alih ProviderProtect metode dan Unprotect , yang dipanggil DataProtector kembali oleh kelas dasar. Mereka juga harus mengambil alih IsReprotectRequired metode , yang selalu dapat kembali true dengan potensi kehilangan kecil efisiensi ketika aplikasi me-refresh database teks sandi yang disimpan. Kelas turunan harus menyediakan konstruktor yang memanggil konstruktor kelas dasar, yang mengatur ApplicationNameproperti , SpecificPurposes, dan PrimaryPurpose .

Konstruktor

DataProtector(String, String, String[])

Membuat instans DataProtector baru kelas dengan menggunakan nama aplikasi yang disediakan, tujuan utama, dan tujuan tertentu.

Properti

ApplicationName

Mendapatkan nama aplikasi.

PrependHashedPurposeToPlaintext

Menentukan apakah hash telah ditambahkan sebelumnya ke array teks sebelum enkripsi.

PrimaryPurpose

Mendapatkan tujuan utama untuk data yang dilindungi.

SpecificPurposes

Mendapatkan tujuan khusus untuk data yang dilindungi.

Metode

Create(String, String, String, String[])

Membuat instans implementasi pelindung data dengan menggunakan nama kelas yang ditentukan dari pelindung data, nama aplikasi, tujuan utama, dan tujuan tertentu.

Equals(Object)

Menentukan apakah objek yang ditentukan sama dengan objek saat ini.

(Diperoleh dari Object)
GetHashCode()

Berfungsi sebagai fungsi hash default.

(Diperoleh dari Object)
GetHashedPurpose()

Membuat hash nilai properti yang ditentukan oleh konstruktor.

GetType()

Mendapatkan instans Type saat ini.

(Diperoleh dari Object)
IsReprotectRequired(Byte[])

Menentukan apakah enkripsi ulang diperlukan untuk data terenkripsi yang ditentukan.

MemberwiseClone()

Membuat salinan dangkal dari yang saat ini Object.

(Diperoleh dari Object)
Protect(Byte[])

Melindungi data pengguna yang ditentukan.

ProviderProtect(Byte[])

Menentukan metode delegasi di kelas turunan tempat Protect(Byte[]) metode di kelas dasar memanggil kembali.

ProviderUnprotect(Byte[])

Menentukan metode delegasi di kelas turunan tempat Unprotect(Byte[]) metode di kelas dasar memanggil kembali.

ToString()

Mengembalikan string yang mewakili objek saat ini.

(Diperoleh dari Object)
Unprotect(Byte[])

Tidak melindungi data yang dilindungi yang ditentukan.

Berlaku untuk