ProtectedConfigurationProvider Classe

Definição

A classe base para criar provedores para criptografar e descriptografar dados de configuração protegidos.The base class to create providers for encrypting and decrypting protected configuration data.

public ref class ProtectedConfigurationProvider abstract : System::Configuration::Provider::ProviderBase
public abstract class ProtectedConfigurationProvider : System.Configuration.Provider.ProviderBase
type ProtectedConfigurationProvider = class
    inherit ProviderBase
Public MustInherit Class ProtectedConfigurationProvider
Inherits ProviderBase
Herança
ProtectedConfigurationProvider
Derivado

Exemplos

O exemplo a seguir mostra como implementar um ProtectedConfigurationProviderpersonalizado.The following example shows how to implement a custom ProtectedConfigurationProvider.

Para poder configurar esse provedor, conforme mostrado no próximo trecho de configuração, você deve instalá-lo no GAC (cache de assembly global).To be able to configure this provider, as shown in the next configuration excerpt, you must install it in the Global Assembly Cache (GAC). Consulte implementando um provedor de configuração protegida para obter mais informações.Refer to Implementing a Protected Configuration Provider for more information.

using System;
using System.Xml;
using System.Security.Cryptography;
using System.IO;
using System.Text;
using System.Configuration.Provider;
using System.Collections.Specialized;
using System.Configuration;

namespace Samples.AspNet
{
    // Shows how to create a custom protected configuration
    // provider.
    public class TripleDESProtectedConfigurationProvider :
        ProtectedConfigurationProvider
    {

        private TripleDESCryptoServiceProvider des =
            new TripleDESCryptoServiceProvider();

        private string pKeyFilePath;
        private string pName;

        // Gets the path of the file
        // containing the key used to
        // encryption or decryption.
        public string KeyFilePath
        {
            get { return pKeyFilePath; }
        }

        // Gets the provider name.
        public override string Name
        {
            get { return pName; }
        }

        // Performs provider initialization.
        public override void Initialize(string name,
            NameValueCollection config)
        {
            pName = name;
            pKeyFilePath = config["keyContainerName"];
            ReadKey(KeyFilePath);
        }

        // Performs encryption.
        public override XmlNode Encrypt(XmlNode node)
        {
            string encryptedData = EncryptString(node.OuterXml);

            XmlDocument xmlDoc = new XmlDocument();
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.LoadXml("<EncryptedData>" +
                encryptedData + "</EncryptedData>");

            return xmlDoc.DocumentElement;
        }

        // Performs decryption.
        public override XmlNode Decrypt(XmlNode encryptedNode)
        {
            string decryptedData =
                DecryptString(encryptedNode.InnerText);

            XmlDocument xmlDoc = new XmlDocument();
            xmlDoc.PreserveWhitespace = true;
            xmlDoc.LoadXml(decryptedData);

            return xmlDoc.DocumentElement;
        }

        // Encrypts a configuration section and returns 
        // the encrypted XML as a string.
        private string EncryptString(string encryptValue)
        {
            byte[] valBytes =
                Encoding.Unicode.GetBytes(encryptValue);

            ICryptoTransform transform = des.CreateEncryptor();

            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms,
                transform, CryptoStreamMode.Write);
            cs.Write(valBytes, 0, valBytes.Length);
            cs.FlushFinalBlock();
            byte[] returnBytes = ms.ToArray();
            cs.Close();

            return Convert.ToBase64String(returnBytes);
        }

        // Decrypts an encrypted configuration section and 
        // returns the unencrypted XML as a string.
        private string DecryptString(string encryptedValue)
        {
            byte[] valBytes =
                Convert.FromBase64String(encryptedValue);

            ICryptoTransform transform = des.CreateDecryptor();

            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms,
                transform, CryptoStreamMode.Write);
            cs.Write(valBytes, 0, valBytes.Length);
            cs.FlushFinalBlock();
            byte[] returnBytes = ms.ToArray();
            cs.Close();

            return Encoding.Unicode.GetString(returnBytes);
        }

        // Generates a new TripleDES key and vector and 
        // writes them to the supplied file path.
        public void CreateKey(string filePath)
        {
            des.GenerateKey();
            des.GenerateIV();

            StreamWriter sw = new StreamWriter(filePath, false);
            sw.WriteLine(ByteToHex(des.Key));
            sw.WriteLine(ByteToHex(des.IV));
            sw.Close();
        }

        // Reads in the TripleDES key and vector from 
        // the supplied file path and sets the Key 
        // and IV properties of the 
        // TripleDESCryptoServiceProvider.
        private void ReadKey(string filePath)
        {
            StreamReader sr = new StreamReader(filePath);
            string keyValue = sr.ReadLine();
            string ivValue = sr.ReadLine();
            des.Key = HexToByte(keyValue);
            des.IV = HexToByte(ivValue);
        }

        // Converts a byte array to a hexadecimal string.
        private string ByteToHex(byte[] byteArray)
        {
            string outString = "";

            foreach (Byte b in byteArray)
                outString += b.ToString("X2");

            return outString;
        }

        // Converts a hexadecimal string to a byte array.
        private byte[] HexToByte(string hexString)
        {
            byte[] returnBytes = new byte[hexString.Length / 2];
            for (int i = 0; i < returnBytes.Length; i++)
                returnBytes[i] =
                    Convert.ToByte(hexString.Substring(i * 2, 2), 16);
            return returnBytes;
        }
    }
}
Imports System.Xml
Imports System.Security.Cryptography
Imports System.IO
Imports System.Text
Imports System.Configuration.Provider
Imports System.Collections.Specialized
Imports System.Configuration


' Shows how to create a custom protected configuration
' provider.
Namespace Samples.AspNet

    Public Class TripleDESProtectedConfigurationProvider
        Inherits ProtectedConfigurationProvider

        Private des _
        As New TripleDESCryptoServiceProvider()

        Private pKeyFilePath As String
        Private pName As String

        ' Gets the path of the file
        ' containing the key used to
        ' encrypt/decrypt.

        Public ReadOnly Property KeyFilePath() As String
            Get
                Return pKeyFilePath
            End Get
        End Property

        ' Gets the provider name.

        Public Overrides ReadOnly Property Name() As String
            Get
                Return pName
            End Get
        End Property


        ' Performs provider initialization.
        Public Overrides Sub Initialize( _
        ByVal name As String, _
        ByVal config As NameValueCollection)
            pName = name
            pKeyFilePath = config("keyContainerName")
            ReadKey(KeyFilePath)
        End Sub


        ' Performs encryption.
        Public Overrides Function Encrypt( _
        ByVal node As XmlNode) As XmlNode
            Dim encryptedData As String = _
            EncryptString(node.OuterXml)

            Dim xmlDoc As New XmlDocument()
            xmlDoc.PreserveWhitespace = True
            xmlDoc.LoadXml( _
            ("<EncryptedData>" + encryptedData + _
            "</EncryptedData>"))

            Return xmlDoc.DocumentElement
        End Function 'Encrypt

        ' Performs decryption.
        Public Overrides Function Decrypt( _
        ByVal encryptedNode As XmlNode) As XmlNode
            Dim decryptedData As String = _
            DecryptString(encryptedNode.InnerText)

            Dim xmlDoc As New XmlDocument()
            xmlDoc.PreserveWhitespace = True
            xmlDoc.LoadXml(decryptedData)

            Return xmlDoc.DocumentElement
        End Function 'Decrypt



        ' Encrypts a configuration section and returns 
        ' the encrypted XML as a string.
        Private Function EncryptString( _
        ByVal encryptValue As String) As String
            Dim valBytes As Byte() = _
            Encoding.Unicode.GetBytes(encryptValue)

            Dim transform As ICryptoTransform = _
            des.CreateEncryptor()

            Dim ms As New MemoryStream()
            Dim cs As New CryptoStream(ms, _
            transform, CryptoStreamMode.Write)
            cs.Write(valBytes, 0, valBytes.Length)
            cs.FlushFinalBlock()
            Dim returnBytes As Byte() = ms.ToArray()
            cs.Close()

            Return Convert.ToBase64String(returnBytes)
        End Function 'EncryptString



        ' Decrypts an encrypted configuration section and 
        ' returns the unencrypted XML as a string.
        Private Function DecryptString( _
        ByVal encryptedValue As String) As String
            Dim valBytes As Byte() = _
            Convert.FromBase64String(encryptedValue)

            Dim transform As ICryptoTransform = _
            des.CreateDecryptor()

            Dim ms As New MemoryStream()
            Dim cs As New CryptoStream(ms, _
            transform, CryptoStreamMode.Write)
            cs.Write(valBytes, 0, valBytes.Length)
            cs.FlushFinalBlock()
            Dim returnBytes As Byte() = ms.ToArray()
            cs.Close()

            Return Encoding.Unicode.GetString(returnBytes)
        End Function 'DecryptString


        ' Generates a new TripleDES key and vector and 
        ' writes them to the supplied file path.
        Public Sub CreateKey(ByVal filePath As String)
            des.GenerateKey()
            des.GenerateIV()

            Dim sw As New StreamWriter(filePath, False)
            sw.WriteLine(ByteToHex(des.Key))
            sw.WriteLine(ByteToHex(des.IV))
            sw.Close()
        End Sub



        ' Reads in the TripleDES key and vector from 
        ' the supplied file path and sets the Key 
        ' and IV properties of the 
        ' TripleDESCryptoServiceProvider.
        Private Sub ReadKey(ByVal filePath As String)
            Dim sr As New StreamReader(filePath)
            Dim keyValue As String = sr.ReadLine()
            Dim ivValue As String = sr.ReadLine()
            des.Key = HexToByte(keyValue)
            des.IV = HexToByte(ivValue)
        End Sub



        ' Converts a byte array to a hexadecimal string.
        Private Function ByteToHex( _
        ByVal byteArray() As Byte) As String
            Dim outString As String = ""

            Dim b As [Byte]
            For Each b In byteArray
                outString += b.ToString("X2")
            Next b
            Return outString
        End Function 'ByteToHex


        ' Converts a hexadecimal string to a byte array.
        Private Function HexToByte(ByVal hexString As String) As Byte()
            Dim returnBytes(hexString.Length / 2) As Byte
            Dim i As Integer
            For i = 0 To returnBytes.Length - 1
                returnBytes(i) = _
                Convert.ToByte(hexString.Substring(i * 2, 2), 16)
            Next i
            Return returnBytes
        End Function 'HexToByte
    End Class

End Namespace

O exemplo a seguir mostra como usar o ProtectedConfigurationProviderpersonalizado anterior.The following example shows how to use the previous custom ProtectedConfigurationProvider.

using System;
using System.Configuration;
using Samples.AspNet.Configuration;

namespace Samples.AspNet.Configuration
{

    // Show how to use a custom protected configuration
    // provider.
    public class TestingProtectedConfigurationProvider
    {

        // Protect the connectionStrings section.
        private static void ProtectConfiguration()
        {

            // Get the application configuration file.
            System.Configuration.Configuration config =
                    ConfigurationManager.OpenExeConfiguration(
                    ConfigurationUserLevel.None);

            // Define the provider name.
            string provider =
                "TripleDESProtectedConfigurationProvider";

            // Get the section to protect.
            ConfigurationSection connStrings =
                config.ConnectionStrings;

            if (connStrings != null)
            {
                if (!connStrings.SectionInformation.IsProtected)
                {
                    if (!connStrings.ElementInformation.IsLocked)
                    {
                        // Protect the section.
                        connStrings.SectionInformation.ProtectSection(provider);

                        connStrings.SectionInformation.ForceSave = true;
                        config.Save(ConfigurationSaveMode.Full);

                        Console.WriteLine("Section {0} is now protected by {1}",
                            connStrings.SectionInformation.Name,
                            connStrings.SectionInformation.ProtectionProvider.Name);
                    }
                    else
                        Console.WriteLine(
                             "Can't protect, section {0} is locked",
                             connStrings.SectionInformation.Name);
                }
                else
                    Console.WriteLine(
                        "Section {0} is already protected by {1}",
                        connStrings.SectionInformation.Name,
                        connStrings.SectionInformation.ProtectionProvider.Name);
            }
            else
                Console.WriteLine("Can't get the section {0}",
                    connStrings.SectionInformation.Name);
        }

        // Unprotect the connectionStrings section.
        private static void UnProtectConfiguration()
        {

            // Get the application configuration file.
            System.Configuration.Configuration config =
                    ConfigurationManager.OpenExeConfiguration(
                    ConfigurationUserLevel.None);

            // Get the section to unprotect.
            ConfigurationSection connStrings =
                config.ConnectionStrings;

            if (connStrings != null)
            {
                if (connStrings.SectionInformation.IsProtected)
                {
                    if (!connStrings.ElementInformation.IsLocked)
                    {
                        // Unprotect the section.
                        connStrings.SectionInformation.UnprotectSection();

                        connStrings.SectionInformation.ForceSave = true;
                        config.Save(ConfigurationSaveMode.Full);

                        Console.WriteLine("Section {0} is now unprotected.",
                            connStrings.SectionInformation.Name);
                    }
                    else
                        Console.WriteLine(
                             "Can't unprotect, section {0} is locked",
                             connStrings.SectionInformation.Name);
                }
                else
                    Console.WriteLine(
                        "Section {0} is already unprotected.",
                        connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine("Can't get the section {0}",
                    connStrings.SectionInformation.Name);
        }

        public static void Main(string[] args)
        {

            string selection = string.Empty;

            if (args.Length == 0)
            {
                Console.WriteLine(
                    "Select createkey, protect or unprotect");
                return;
            }

            selection = args[0].ToLower();

            switch (selection)
            {

                // Create the key to use during 
                // encryption/decryption.
                case "createkey":
                    string keyContainer = 
                        "pcKey.txt";

                    // Instantiate the custom provider.
                    TripleDESProtectedConfigurationProvider 
                        provider =
                        new TripleDESProtectedConfigurationProvider();

                    // Create the encryption/decryption key.
                    provider.CreateKey(keyContainer);

                    Console.WriteLine(
                        "New TripleDES key created in {0}",
                        keyContainer);
                    break;

                case "protect":
                    ProtectConfiguration();
                    break;

                case "unprotect":
                    UnProtectConfiguration();
                    break;

                default:
                    Console.WriteLine("Unknown selection");
                    break;
            }

            Console.Read();
        }
    }
}
Imports System.Configuration

Namespace Samples.AspNet
    ' Show how to use a custom protected configuration
    ' provider.

    Public Class TestingProtectedConfigurationProvider


        ' Protect the connectionStrings section.
        Private Shared Sub ProtectConfiguration()

            ' Get the application configuration file.
            Dim config _
            As System.Configuration.Configuration = _
            ConfigurationManager.OpenExeConfiguration( _
            ConfigurationUserLevel.None)

            ' Define the provider name.
            Dim provider As String = _
            "TripleDESProtectedConfigurationProvider"

            ' Get the section to protect.
            Dim connStrings _
            As ConfigurationSection = config.ConnectionStrings

            If Not (connStrings Is Nothing) Then
                If Not connStrings.SectionInformation.IsProtected Then
                    If Not connStrings.ElementInformation.IsLocked Then
                        ' Protect the section.
                        connStrings.SectionInformation.ProtectSection( _
                        provider)

                        connStrings.SectionInformation.ForceSave = True
                        config.Save(ConfigurationSaveMode.Full)

                        Console.WriteLine( _
                        "Section {0} is now protected by {1}", _
                        connStrings.SectionInformation.Name, _
                        connStrings.SectionInformation.ProtectionProvider.Name)

                    Else
                        Console.WriteLine( _
                        "Can't protect, section {0} is locked", _
                        connStrings.SectionInformation.Name)
                    End If
                Else
                    Console.WriteLine( _
                    "Section {0} is already protected by {1}", _
                    connStrings.SectionInformation.Name, _
                    connStrings.SectionInformation.ProtectionProvider.Name)
                End If

            Else
                Console.WriteLine( _
                "Can't get the section {0}", _
                connStrings.SectionInformation.Name)
            End If
        End Sub


        ' Unprotect the connectionStrings section.
        Private Shared Sub UnProtectConfiguration()

            ' Get the application configuration file.
            Dim config _
            As System.Configuration.Configuration = _
            ConfigurationManager.OpenExeConfiguration( _
            ConfigurationUserLevel.None)

            ' Get the section to unprotect.
            Dim connStrings _
            As ConfigurationSection = config.ConnectionStrings

            If Not (connStrings Is Nothing) Then
                If connStrings.SectionInformation.IsProtected Then
                    If Not connStrings.ElementInformation.IsLocked Then
                        ' Unprotect the section.
                        connStrings.SectionInformation.UnprotectSection()

                        connStrings.SectionInformation.ForceSave = True
                        config.Save(ConfigurationSaveMode.Full)

                        Console.WriteLine( _
                        "Section {0} is now unprotected.", _
                        connStrings.SectionInformation.Name)

                    Else
                        Console.WriteLine( _
                        "Can't unprotect, section {0} is locked", _
                        connStrings.SectionInformation.Name)
                    End If
                Else
                    Console.WriteLine( _
                    "Section {0} is already unprotected.", _
                    connStrings.SectionInformation.Name)
                End If

            Else
                Console.WriteLine( _
                "Can't get the section {0}", _
                connStrings.SectionInformation.Name)
            End If
        End Sub



        Public Shared Sub Main(ByVal args() As String)

            Dim selection As String = String.Empty

            If args.Length = 0 Then
                Console.WriteLine( _
                "Select createkey, protect or unprotect")
                Return
            End If

            selection = args(0).ToLower()

            Select Case selection

                ' Create the key to use during 
                ' encryption/decryption.
                Case "createkey"
                    Dim keyContainer As String = "pcKey.txt"

                    ' Instantiate the custom provider.
                    Dim provider _
                    As New TripleDESProtectedConfigurationProvider()

                    ' Create the encryption/decryption key.
                    provider.CreateKey(keyContainer)

                    Console.WriteLine( _
                    "New TripleDES key created in {0}", _
                    keyContainer)

                Case "protect"
                    ProtectConfiguration()

                Case "unprotect"
                    UnProtectConfiguration()

                Case Else
                    Console.WriteLine("Unknown selection")
            End Select

            Console.Read()
        End Sub
    End Class
End Namespace

Veja a seguir um trecho do arquivo de configuração usado pelos exemplos acima.The following is an excerpt of the configuration file used by the above examples.

<?xml version="1.0" encoding="utf-8" ?>  
<configuration>  
  
  <configProtectedData >  
    <providers>  
      <clear />  
      <add keyContainerName="pcKey.txt"   
        name="TripleDESProtectedConfigurationProvider"  
type="Samples.Aspnet.TripleDESProtectedConfigurationProvider, protectedconfigurationproviderlib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=79e01ae0f5cfc66f, processorArchitecture=MSIL" />  
    </providers>  
  
  </configProtectedData >  
  
  <connectionStrings>  
    <add name="NorthwindConnectionString"   
      connectionString="Data Source=webnetue2;Initial Catalog=Northwind;User ID=aspnet_test;Password=test"  
providerName="System.Data.SqlClient" />  
  </connectionStrings>  
  
</configuration>  

Comentários

Você pode criptografar seções de um arquivo de configuração para proteger informações confidenciais usadas pelo seu aplicativo.You can encrypt sections of a configuration file to protect sensitive information used by your application. Isso melhora a segurança, tornando difícil para o acesso não autorizado, mesmo se um invasor obtiver acesso ao arquivo de configuração.This improves security by making it difficult for unauthorized access even if an attacker gains access to your configuration file.

O .NET Framework inclui dois provedores de configuração protegidos que podem ser usados para criptografar seções de um arquivo de configuração.The .NET Framework includes two protected configuration providers that can be used to encrypt sections of a configuration file. A classe RsaProtectedConfigurationProvider usa o RSACryptoServiceProvider para criptografar seções de configuração.The RsaProtectedConfigurationProvider class uses the RSACryptoServiceProvider to encrypt configuration sections. A classe DpapiProtectedConfigurationProvider usa a API de proteção de dados do Windows (DPAPI) para criptografar seções de configuração.The DpapiProtectedConfigurationProvider class uses the Windows Data Protection API (DPAPI) to encrypt configuration sections.

Talvez você tenha um requisito para criptografar informações confidenciais usando um algoritmo diferente dos provedores RSA ou DPAPI.You might have a requirement to encrypt sensitive information using an algorithm other than the RSA or DPAPI providers. Nesse caso, você pode criar seu próprio provedor personalizado de configuração protegida.In this case, you can build your own custom protected-configuration provider. O ProtectedConfigurationProvider é uma classe base abstrata que deve ser herdada para criar seu próprio provedor de configuração protegida.The ProtectedConfigurationProvider is an abstract base class that you must inherit from to create your own protected-configuration provider.

Se você usa um provedor padrão ou personalizado, deve garantir que ele esteja configurado com o elemento add na seção providers da seção de configuração configProtectedData.Whether you use a standard or a custom provider, you must ensure that it is configured with the add element in the providers section of the configProtectedData configuration section. (Consulte o próximo exemplo.)(See next example.)

Para obter detalhes, consulte implementando um provedor de configuração protegida.For details, see Implementing a Protected Configuration Provider.

Observação

Quando o ASP.NET encontra dados de configuração criptografados, ele executa a descriptografia de forma transparente usando o provedor configurado.When ASP.NET encounters encrypted configuration data, it performs decryption transparently using the configured provider. Nenhuma ação é necessária no seu lado além de certificar-se de que você configurou o provedor necessário.No action is required on your side other than making sure that you configure the required provider.

Construtores

ProtectedConfigurationProvider()

Inicializa uma nova instância da classe ProtectedConfigurationProvider usando as configurações padrão.Initializes a new instance of the ProtectedConfigurationProvider class using default settings.

Propriedades

Description

Obtém uma breve descrição amigável adequada para exibição em ferramentas administrativas ou outras IUs (interfaces do usuário).Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).

(Herdado de ProviderBase)
Name

Obtém o nome amigável usado para referir-se ao provedor durante a configuração.Gets the friendly name used to refer to the provider during configuration.

(Herdado de ProviderBase)

Métodos

Decrypt(XmlNode)

Descriptografa o objeto XmlNode passado de um arquivo de configuração.Decrypts the passed XmlNode object from a configuration file.

Encrypt(XmlNode)

Criptografa o objeto XmlNode passado de um arquivo de configuração.Encrypts the passed XmlNode object from a configuration file.

Equals(Object)

Determina se o objeto especificado é igual ao objeto atual.Determines whether the specified object is equal to the current object.

(Herdado de Object)
GetHashCode()

Serve como a função de hash padrão.Serves as the default hash function.

(Herdado de Object)
GetType()

Obtém o Type da instância atual.Gets the Type of the current instance.

(Herdado de Object)
Initialize(String, NameValueCollection)

Inicializa o construtor de configuração.Initializes the configuration builder.

(Herdado de ProviderBase)
MemberwiseClone()

Cria uma cópia superficial do Object atual.Creates a shallow copy of the current Object.

(Herdado de Object)
ToString()

Retorna uma cadeia de caracteres que representa o objeto atual.Returns a string that represents the current object.

(Herdado de Object)

Aplica-se a

Veja também