IDataProtectionBuilder Interface

Definition

Provides access to configuration for the data protection system, which allows the developer to configure default cryptographic algorithms, key storage locations, and the mechanism by which keys are protected at rest.

public interface class IDataProtectionBuilder
public interface IDataProtectionBuilder
type IDataProtectionBuilder = interface
Public Interface IDataProtectionBuilder

Remarks

If the developer changes the at-rest key protection mechanism, it is intended that they also change the key storage location, and vice versa. For instance, a call to ProtectKeysWithCertificate(IDataProtectionBuilder, String) should generally be accompanied by a call to PersistKeysToFileSystem(IDataProtectionBuilder, DirectoryInfo), or exceptions may occur at runtime due to the data protection system not knowing where to persist keys.

Similarly, when a developer modifies the default protected payload cryptographic algorithms, they should also set an explicit key storage location. A call to UseCryptographicAlgorithms(IDataProtectionBuilder, AuthenticatedEncryptorConfiguration) should therefore generally be paired with a call to PersistKeysToFileSystem(IDataProtectionBuilder, DirectoryInfo), for example.

When the default cryptographic algorithms or at-rest key protection mechanisms are changed, they only affect new keys in the repository. The repository may contain existing keys that use older algorithms or protection mechanisms.
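The following configuration is an added illustration of the pairing rule described in these Remarks; it is not code from the product documentation. It assumes a certificate in the LocalMachine\My store identified by placeholder thumbprints, a placeholder UNC share for the key repository, and that the retired certificate is kept only so keys already in the repository stay decryptable after rotation.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

// Added example: an at-rest protector is always paired with an explicit key
// store, as the Remarks require. Thumbprints, share path and app name are placeholders.
public static class DataProtectionSetup
{
    public static void Configure(IServiceCollection services)
    {
        var currentCert = LoadCert("PLACEHOLDER_CURRENT_THUMBPRINT");
        var retiredCert = LoadCert("PLACEHOLDER_RETIRED_THUMBPRINT");

        services.AddDataProtection()
            // Isolates this app's keys from other apps sharing the same repository.
            .SetApplicationName("placeholder-app-name")
            // Explicit store: once a protector is chosen, the system must be told
            // where to persist keys or it fails at runtime.
            .PersistKeysToFileSystem(new DirectoryInfo(@"\\placeholder-share\dp-keys"))
            // Each newly generated key is encrypted to this certificate before it is written.
            .ProtectKeysWithCertificate(currentCert)
            // Keys already in the repository may be wrapped with the retired
            // certificate; listing it keeps them decryptable after rotation.
            .UnprotectKeysWithAnyCertificate(currentCert, retiredCert)
            // Lifetime applies to new keys only; existing keys keep their own expiry.
            .SetDefaultKeyLifetime(TimeSpan.FromDays(90));
    }

    // Hypothetical helper: looks up a certificate by thumbprint in LocalMachine\My.
    private static X509Certificate2 LoadCert(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        var matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        if (matches.Count == 0)
            throw new InvalidOperationException($"Certificate {thumbprint} not found.");
        return matches[0];
    }
}
```

Because a changed protector or algorithm affects only keys created afterwards, the repository should be checked for older keys before the retired certificate is removed from the unprotect list.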

Properties

Services

Provides access to the IServiceCollection passed to this object's constructor.

Extension Methods

PersistKeysToAzureBlobStorage(IDataProtectionBuilder, CloudBlobContainer, String)

Configures the data protection system to persist keys to the specified path in Azure Blob Storage.

PersistKeysToAzureBlobStorage(IDataProtectionBuilder, CloudBlockBlob)

Configures the data protection system to persist keys to the specified path in Azure Blob Storage.

PersistKeysToAzureBlobStorage(IDataProtectionBuilder, CloudStorageAccount, String)

Configures the data protection system to persist keys to the specified path in Azure Blob Storage.

PersistKeysToAzureBlobStorage(IDataProtectionBuilder, Uri)

Configures the data protection system to persist keys to the specified path in Azure Blob Storage.

ProtectKeysWithAzureKeyVault(IDataProtectionBuilder, KeyVaultClient, String)

Configures the data protection system to protect keys with the specified key in Azure KeyVault.

ProtectKeysWithAzureKeyVault(IDataProtectionBuilder, String, String, X509Certificate2)

Configures the data protection system to protect keys with the specified key in Azure KeyVault.

ProtectKeysWithAzureKeyVault(IDataProtectionBuilder, String, String, String)

Configures the data protection system to protect keys with the specified key in Azure KeyVault.

AddKeyEscrowSink(IDataProtectionBuilder, IKeyEscrowSink)

Registers an IKeyEscrowSink to perform escrow before keys are persisted to storage.

AddKeyEscrowSink(IDataProtectionBuilder, Func<IServiceProvider,IKeyEscrowSink>)

Registers an IKeyEscrowSink to perform escrow before keys are persisted to storage.

AddKeyEscrowSink<TImplementation>(IDataProtectionBuilder)

Registers an IKeyEscrowSink to perform escrow before keys are persisted to storage.

AddKeyManagementOptions(IDataProtectionBuilder, Action<KeyManagementOptions>)

Configures the key management options for the data protection system.

DisableAutomaticKeyGeneration(IDataProtectionBuilder)

Configures the data protection system not to generate new keys automatically.

PersistKeysToFileSystem(IDataProtectionBuilder, DirectoryInfo)

Configures the data protection system to persist keys to the specified directory. This path may be on the local machine or may point to a UNC share.

PersistKeysToRegistry(IDataProtectionBuilder, RegistryKey)

Configures the data protection system to persist keys to the Windows registry.

ProtectKeysWithCertificate(IDataProtectionBuilder, X509Certificate2)

Configures keys to be encrypted to a given certificate before being persisted to storage.

ProtectKeysWithCertificate(IDataProtectionBuilder, String)

Configures keys to be encrypted to a given certificate before being persisted to storage.

ProtectKeysWithDpapi(IDataProtectionBuilder)

Configures keys to be encrypted with Windows DPAPI before being persisted to storage. The encrypted key will only be decryptable by the current Windows user account.

ProtectKeysWithDpapi(IDataProtectionBuilder, Boolean)

Configures keys to be encrypted with Windows DPAPI before being persisted to storage.

ProtectKeysWithDpapiNG(IDataProtectionBuilder)

Configures keys to be encrypted with Windows CNG DPAPI before being persisted to storage. The keys will be decryptable by the current Windows user account.

ProtectKeysWithDpapiNG(IDataProtectionBuilder, String, DpapiNGProtectionDescriptorFlags)

Configures keys to be encrypted with Windows CNG DPAPI before being persisted to storage.

SetApplicationName(IDataProtectionBuilder, String)

Sets the unique name of this application within the data protection system.

SetDefaultKeyLifetime(IDataProtectionBuilder, TimeSpan)

Sets the default lifetime of keys created by the data protection system.

UnprotectKeysWithAnyCertificate(IDataProtectionBuilder, X509Certificate2[])

Configures certificates which can be used to decrypt keys loaded from storage.

UseCryptographicAlgorithms(IDataProtectionBuilder, AuthenticatedEncryptionSettings)

Configures the data protection system to use the specified cryptographic algorithms by default when generating protected payloads.

UseCryptographicAlgorithms(IDataProtectionBuilder, AuthenticatedEncryptorConfiguration)

Configures the data protection system to use the specified cryptographic algorithms by default when generating protected payloads.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, CngCbcAuthenticatedEncryptionSettings)

Configures the data protection system to use custom Windows CNG algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, CngGcmAuthenticatedEncryptionSettings)

Configures the data protection system to use custom Windows CNG algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, CngCbcAuthenticatedEncryptorConfiguration)

Configures the data protection system to use custom Windows CNG algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, CngGcmAuthenticatedEncryptorConfiguration)

Configures the data protection system to use custom Windows CNG algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, ManagedAuthenticatedEncryptorConfiguration)

Configures the data protection system to use custom algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseCustomCryptographicAlgorithms(IDataProtectionBuilder, ManagedAuthenticatedEncryptionSettings)

Configures the data protection system to use custom algorithms. This API is intended for advanced scenarios where the developer cannot use the algorithms specified in the EncryptionAlgorithm and ValidationAlgorithm enumerations.

UseEphemeralDataProtectionProvider(IDataProtectionBuilder)

Configures the data protection system to use the EphemeralDataProtectionProvider for data protection services.

PersistKeysToDbContext<TContext>(IDataProtectionBuilder)

Configures the data protection system to persist keys to an EntityFrameworkCore datastore.

PersistKeysToRedis(IDataProtectionBuilder, IConnectionMultiplexer)

Configures the data protection system to persist keys to the default key ('DataProtection-Keys') in the Redis database.

PersistKeysToRedis(IDataProtectionBuilder, IConnectionMultiplexer, RedisKey)

Configures the data protection system to persist keys to the specified key in the Redis database.

PersistKeysToRedis(IDataProtectionBuilder, Func<IDatabase>, RedisKey)

Configures the data protection system to persist keys to the specified key in the Redis database.

PersistKeysToStackExchangeRedis(IDataProtectionBuilder, IConnectionMultiplexer)

Configures the data protection system to persist keys to the default key ('DataProtection-Keys') in the Redis database.

PersistKeysToStackExchangeRedis(IDataProtectionBuilder, IConnectionMultiplexer, RedisKey)

Configures the data protection system to persist keys to the specified key in the Redis database.

PersistKeysToStackExchangeRedis(IDataProtectionBuilder, Func<IDatabase>, RedisKey)

Configures the data protection system to persist keys to the specified key in the Redis database.

Applies to