RsaProtectedConfigurationProvider 类
定义
重要
一些信息与预发行产品相关,相应产品在发行之前可能会进行重大修改。 对于此处提供的信息,Microsoft 不作任何明示或暗示的担保。
提供使用 RSA 加密对配置数据进行加密和解密的 ProtectedConfigurationProvider 实例。
public ref class RsaProtectedConfigurationProvider sealed : System::Configuration::ProtectedConfigurationProviderpublic sealed class RsaProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvidertype RsaProtectedConfigurationProvider = class
inherit ProtectedConfigurationProviderPublic NotInheritable Class RsaProtectedConfigurationProvider
Inherits ProtectedConfigurationProvider- 继承
示例
以下示例演示如何使用标准 RsaProtectedConfigurationProvider 来保护或取消保护配置节。
using System;
using System.Configuration;
public class UsingRsaProtectedConfigurationProvider
{
// Protect the connectionStrings section.
private static void ProtectConfiguration()
{
// Get the application configuration file.
System.Configuration.Configuration config =
ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.None);
// Define the Rsa provider name.
string provider =
"RsaProtectedConfigurationProvider";
// Get the section to protect.
ConfigurationSection connStrings =
config.ConnectionStrings;
if (connStrings != null)
{
if (!connStrings.SectionInformation.IsProtected)
{
if (!connStrings.ElementInformation.IsLocked)
{
// Protect the section.
connStrings.SectionInformation.ProtectSection(provider);
connStrings.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
Console.WriteLine("Section {0} is now protected by {1}",
connStrings.SectionInformation.Name,
connStrings.SectionInformation.ProtectionProvider.Name);
}
else
Console.WriteLine(
"Can't protect, section {0} is locked",
connStrings.SectionInformation.Name);
}
else
Console.WriteLine(
"Section {0} is already protected by {1}",
connStrings.SectionInformation.Name,
connStrings.SectionInformation.ProtectionProvider.Name);
}
else
Console.WriteLine("Can't get the section {0}",
connStrings.SectionInformation.Name);
}
// Unprotect the connectionStrings section.
private static void UnProtectConfiguration()
{
// Get the application configuration file.
System.Configuration.Configuration config =
ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.None);
// Get the section to unprotect.
ConfigurationSection connStrings =
config.ConnectionStrings;
if (connStrings != null)
{
if (connStrings.SectionInformation.IsProtected)
{
if (!connStrings.ElementInformation.IsLocked)
{
// Unprotect the section.
connStrings.SectionInformation.UnprotectSection();
connStrings.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
Console.WriteLine("Section {0} is now unprotected.",
connStrings.SectionInformation.Name);
}
else
Console.WriteLine(
"Can't unprotect, section {0} is locked",
connStrings.SectionInformation.Name);
}
else
Console.WriteLine(
"Section {0} is already unprotected.",
connStrings.SectionInformation.Name);
}
else
Console.WriteLine("Can't get the section {0}",
connStrings.SectionInformation.Name);
}
public static void Main(string[] args)
{
string selection = string.Empty;
if (args.Length == 0)
{
Console.WriteLine(
"Select protect or unprotect");
return;
}
selection = args[0].ToLower();
switch (selection)
{
case "protect":
ProtectConfiguration();
break;
case "unprotect":
UnProtectConfiguration();
break;
default:
Console.WriteLine("Unknown selection");
break;
}
Console.Read();
}
}
Imports System.Configuration
Public Class UsingRsaProtectedConfigurationProvider
' Protect the connectionStrings section.
Private Shared Sub ProtectConfiguration()
' Get the application configuration file.
Dim config As System.Configuration.Configuration = _
ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
' Define the Rsa provider name.
Dim provider As String = _
"RsaProtectedConfigurationProvider"
' Get the section to protect.
Dim connStrings As ConfigurationSection = _
config.ConnectionStrings
If Not (connStrings Is Nothing) Then
If Not connStrings.SectionInformation.IsProtected Then
If Not connStrings.ElementInformation.IsLocked Then
' Protect the section.
connStrings.SectionInformation.ProtectSection(provider)
connStrings.SectionInformation.ForceSave = True
config.Save(ConfigurationSaveMode.Full)
Console.WriteLine( _
"Section {0} is now protected by {1}", _
connStrings.SectionInformation.Name, _
connStrings.SectionInformation.ProtectionProvider.Name)
Else
Console.WriteLine( _
"Can't protect, section {0} is locked", _
connStrings.SectionInformation.Name)
End If
Else
Console.WriteLine( _
"Section {0} is already protected by {1}", _
connStrings.SectionInformation.Name, _
connStrings.SectionInformation.ProtectionProvider.Name)
End If
Else
Console.WriteLine( _
"Can't get the section {0}", _
connStrings.SectionInformation.Name)
End If
End Sub
' Unprotect the connectionStrings section.
Private Shared Sub UnProtectConfiguration()
' Get the application configuration file.
Dim config As System.Configuration.Configuration = _
ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
' Get the section to unprotect.
Dim connStrings As ConfigurationSection = _
config.ConnectionStrings
If Not (connStrings Is Nothing) Then
If connStrings.SectionInformation.IsProtected Then
If Not connStrings.ElementInformation.IsLocked Then
' Unprotect the section.
connStrings.SectionInformation.UnprotectSection()
connStrings.SectionInformation.ForceSave = True
config.Save(ConfigurationSaveMode.Full)
Console.WriteLine( _
"Section {0} is now unprotected.", _
connStrings.SectionInformation.Name)
Else
Console.WriteLine( _
"Can't unprotect, section {0} is locked", _
connStrings.SectionInformation.Name)
End If
Else
Console.WriteLine( _
"Section {0} is already unprotected.", _
connStrings.SectionInformation.Name)
End If
Else
Console.WriteLine( _
"Can't get the section {0}", _
connStrings.SectionInformation.Name)
End If
End Sub
Public Shared Sub Main(ByVal args() As String)
Dim selection As String = String.Empty
If args.Length = 0 Then
Console.WriteLine( _
"Select protect or unprotect")
Return
End If
selection = args(0).ToLower()
Select Case selection
Case "protect"
ProtectConfiguration()
Case "unprotect"
UnProtectConfiguration()
Case Else
Console.WriteLine( _
"Unknown selection")
End Select
Console.Read()
End Sub
End Class
以下示例显示加密后配置文件的摘录。
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
</configuration>
注解
类 RsaProtectedConfigurationProvider 提供了一种加密存储在配置文件中的敏感信息的方法,这有助于防止未经授权的访问。 通过使用内置 RsaProtectedConfigurationProvider 实例,可以在配置文件中声明提供程序并做出适当的设置,而不是创建此类的实例,如示例部分所示。
对象 RsaProtectedConfigurationProvider 使用 类提供的 RSA 加密函数来加密和解密配置节。
注意
在 ASP.NET 可以解密配置文件中的加密信息之前,ASP.NET 应用程序的标识必须对用于加密和解密配置数据的加密密钥具有读取访问权限。 有关详细信息,请参阅 演练:使用受保护的配置加密配置信息。
注意
在 .NET Core 和 .NET 5+ 上, RsaProtectedConfigurationProvider 不支持 类型。 所有 API 在运行时都会引发 PlatformNotSupportedException 。
构造函数
| RsaProtectedConfigurationProvider() |
初始化 RsaProtectedConfigurationProvider 类的新实例。 |
属性
| CspProviderName |
获取 Windows 加密 API(加密 API)加密服务提供程序 (CSP) 的名称。 |
| Description |
获取一条简短的易懂描述,它适合在管理工具或其他用户界面 (UI) 中显示。 (继承自 ProviderBase) |
| KeyContainerName |
获取密钥容器的名称。 |
| Name |
获得一个友好名称,用于在配置过程中引用提供程序。 (继承自 ProviderBase) |
| RsaPublicKey |
获取提供程序使用的公钥。 |
| UseFIPS |
获取一个值,该值指示句柄是否已关闭。 |
| UseMachineContainer |
获取一个值,该值指示 RsaProtectedConfigurationProvider 对象是否正在使用计算机密钥容器。 |
| UseOAEP |
获取一个值,该值指示提供程序是否正在使用最优不对称加密填充 (OAEP) 密钥交换数据。 |
方法
| AddKey(Int32, Boolean) |
将密钥添加到 RSA 密钥容器中。 |
| Decrypt(XmlNode) |
解密传递给它的 XML 节点。 |
| DeleteKey() |
从 RSA 密钥容器中移除密钥。 |
| Encrypt(XmlNode) |
加密传递给它的 XML 节点。 |
| Equals(Object) |
确定指定对象是否等于当前对象。 (继承自 Object) |
| ExportKey(String, Boolean) |
从密钥容器中导出 RSA 密钥。 |
| GetHashCode() |
作为默认哈希函数。 (继承自 Object) |
| GetType() |
获取当前实例的 Type。 (继承自 Object) |
| ImportKey(String, Boolean) |
将 RSA 密钥导入到密钥容器中。 |
| Initialize(String, NameValueCollection) |
使用默认设置初始化提供程序。 |
| Initialize(String, NameValueCollection) |
初始化配置生成器。 (继承自 ProviderBase) |
| MemberwiseClone() |
创建当前 Object 的浅表副本。 (继承自 Object) |
| ToString() |
返回表示当前对象的字符串。 (继承自 Object) |
