Implementing a Protected Configuration Provider
Protected configuration enables you to encrypt sections of an ASP.NET application's Web.config file in order to protect sensitive information used by the application.This can improve the security of your application by making it difficult for an attacker to gain access to the sensitive information even if an attacker gains access to your Web.config file.ASP.NET inclui dois provedores de configuração protegida que podem ser usadas para criptografar seções de um arquivo Web.config: RsaProtectedConfigurationProvider, que usa o RSACryptoServiceProvider para criptografar seções de configuração, e DpapiProtectedConfigurationProvider, que usa a DPAPI (API de Proteção de Dados) do Windows para criptografar seções de configuração.
In some cases, you might need to encrypt information using an algorithm other than those available with the RSA or DPAPI providers.In that case, you can build a custom protected configuration provider to be used by ASP.NET.
Required Classes for Protected Configuration Providers
To implement a protected configuration provider, you create a class that inherits the ProtectedConfigurationProvider abstract class from the System.Configuration namespace.A classe abstrata ProtectedConfigurationProvider herda da classe abstrata ProviderBase do namespace System.Configuration.Provider, portanto você deve implementar os membros necessários da classe ProviderBase também.The following tables list the properties and methods that you must implement from the ProviderBase and ProtectedConfigurationProvider abstract classes.To see an implementation of each member, see Como: Compilar e executar o exemplo de provedor configuração protegida.
Membros ProviderBase Nescessários
Membro |
Descrição |
---|---|
Método Initialize |
Sets property values for the provider instance, including implementation-specific values and options supplied in the application configuration. Takes as input the name of the provider and a NameValueCollection of configuration settings. |
Required ProtectedConfigurationProvider Members
Membro |
Descrição |
---|---|
Método Encrypt |
Performs the encryption.Takes as input an XmlNode object containing the configuration section to be encrypted.For example, if the configuration section to be encrypted is the connectionStrings section, the XmlNode object represents XML data similar to the following example.
The Encrypt method encrypts the OuterXml value of the XmlNode object and returns an XmlNode object in which an EncryptedData element is the root element, as shown in the following example:
The format of the contents of the EncryptedData element is determined by your implementation.When the element is decrypted, ASP.NET will pass an XmlNode object to the Decrypt method, where the EncryptedData element is the root element. |
Método Decrypt |
Performs the decryption.Takes as input an XmlNode object containing the EncryptedData element of an encrypted configuration section.For example, if the connectionStrings section is the configuration section that was encrypted, the XmlNode object represents XML data similar to highlighted XML in the following example.
The Decrypt method decrypts the contents of the XmlNode object and returns an XmlNode object that represents the decrypted contents of the EncryptedDataXmlNode object.For example, if the connectionStrings section was encrypted, the Decrypt method returns an XmlNode object with XML data similar to the following example.
|
Provedor de Exemplo
For an example custom protected configuration provider that uses the TripleDESCryptoServiceProvider class to encrypt and decrypt sections of a Web.config file, see Como: Compilar e executar o exemplo de provedor configuração protegida.
Consulte também
Tarefas
Como: Compilar e executar o exemplo de provedor configuração protegida
Outros recursos
Criptografando informações de configuração usando configuração protegida