RsaProtectedConfigurationProvider 类

定义

提供使用 RSA 加密对配置数据进行加密和解密的 ProtectedConfigurationProvider 实例。Provides a ProtectedConfigurationProvider instance that uses RSA encryption to encrypt and decrypt configuration data.

public ref class RsaProtectedConfigurationProvider sealed : System::Configuration::ProtectedConfigurationProvider
public sealed class RsaProtectedConfigurationProvider : System.Configuration.ProtectedConfigurationProvider
type RsaProtectedConfigurationProvider = class
    inherit ProtectedConfigurationProvider
Public NotInheritable Class RsaProtectedConfigurationProvider
Inherits ProtectedConfigurationProvider
继承
RsaProtectedConfigurationProvider

示例

下面的示例演示如何使用标准RsaProtectedConfigurationProvider来保护或取消保护配置节。The following example shows how to use the standard RsaProtectedConfigurationProvider to protect or unprotect a configuration section.

using System;
using System.Configuration;

public class UsingRsaProtectedConfigurationProvider
{

    // Protect the connectionStrings section.
    private static void ProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Define the Rsa provider name.
        string provider =
            "RsaProtectedConfigurationProvider";

        // Get the section to protect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (!connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Protect the section.
                    connStrings.SectionInformation.ProtectSection(provider);

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now protected by {1}",
                        connStrings.SectionInformation.Name,
                        connStrings.SectionInformation.ProtectionProvider.Name);

                }
                else
                    Console.WriteLine(
                         "Can't protect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already protected by {1}",
                    connStrings.SectionInformation.Name,
                    connStrings.SectionInformation.ProtectionProvider.Name);

        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);
              
    }


    // Unprotect the connectionStrings section.
    private static void UnProtectConfiguration()
    {

        // Get the application configuration file.
        System.Configuration.Configuration config =
                ConfigurationManager.OpenExeConfiguration(
                ConfigurationUserLevel.None);

        // Get the section to unprotect.
        ConfigurationSection connStrings =
            config.ConnectionStrings;

        if (connStrings != null)
        {
            if (connStrings.SectionInformation.IsProtected)
            {
                if (!connStrings.ElementInformation.IsLocked)
                {
                    // Unprotect the section.
                    connStrings.SectionInformation.UnprotectSection();

                    connStrings.SectionInformation.ForceSave = true;
                    config.Save(ConfigurationSaveMode.Full);

                    Console.WriteLine("Section {0} is now unprotected.",
                        connStrings.SectionInformation.Name);

                }
                else
                    Console.WriteLine(
                         "Can't unprotect, section {0} is locked",
                         connStrings.SectionInformation.Name);
            }
            else
                Console.WriteLine(
                    "Section {0} is already unprotected.",
                    connStrings.SectionInformation.Name);
                
        }
        else
            Console.WriteLine("Can't get the section {0}",
                connStrings.SectionInformation.Name);

    }


    public static void Main(string[] args)
    {

        string selection = string.Empty;

        if (args.Length == 0)
        {
            Console.WriteLine(
                "Select protect or unprotect");
            return;
        }

        selection = args[0].ToLower();

        switch (selection)
        {
            case "protect":
                ProtectConfiguration();
                break;

            case "unprotect":
                UnProtectConfiguration();
                break;
 
            default:
                Console.WriteLine("Unknown selection");
                break;
        }

        Console.Read();
            
    }


}

Imports System.Configuration


Public Class UsingRsaProtectedConfigurationProvider
   
   
   ' Protect the connectionStrings section.
   Private Shared Sub ProtectConfiguration()
      
      ' Get the application configuration file.
        Dim config As System.Configuration.Configuration = _
        ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
      
      ' Define the Rsa provider name.
        Dim provider As String = _
        "RsaProtectedConfigurationProvider"
      
      ' Get the section to protect.
        Dim connStrings As ConfigurationSection = _
        config.ConnectionStrings
      
      If Not (connStrings Is Nothing) Then
         If Not connStrings.SectionInformation.IsProtected Then
            If Not connStrings.ElementInformation.IsLocked Then
                    ' Protect the section.

                    connStrings.SectionInformation.ProtectSection(provider)


                    connStrings.SectionInformation.ForceSave = True

                    config.Save(ConfigurationSaveMode.Full)

                    Console.WriteLine( _
                    "Section {0} is now protected by {1}", _
                    connStrings.SectionInformation.Name, _
                    connStrings.SectionInformation.ProtectionProvider.Name)

                Else
                    Console.WriteLine( _
                    "Can't protect, section {0} is locked", _
                    connStrings.SectionInformation.Name)
                End If
         Else
                Console.WriteLine( _
                "Section {0} is already protected by {1}", _
                connStrings.SectionInformation.Name, _
                connStrings.SectionInformation.ProtectionProvider.Name)
         End If
      
      Else
            Console.WriteLine( _
            "Can't get the section {0}", _
            connStrings.SectionInformation.Name)
      End If
   End Sub
    
   
   
   ' Unprotect the connectionStrings section.
   Private Shared Sub UnProtectConfiguration()
      
      ' Get the application configuration file.
        Dim config As System.Configuration.Configuration = _
        ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
      
      ' Get the section to unprotect.
        Dim connStrings As ConfigurationSection = _
        config.ConnectionStrings
      
      If Not (connStrings Is Nothing) Then
         If connStrings.SectionInformation.IsProtected Then
            If Not connStrings.ElementInformation.IsLocked Then
               ' Unprotect the section.
               connStrings.SectionInformation.UnprotectSection()
               
               connStrings.SectionInformation.ForceSave = True
               config.Save(ConfigurationSaveMode.Full)
               
                    Console.WriteLine( _
                    "Section {0} is now unprotected.", _
                    connStrings.SectionInformation.Name)
            
            Else
                    Console.WriteLine( _
                    "Can't unprotect, section {0} is locked", _
                    connStrings.SectionInformation.Name)
            End If
         Else
                Console.WriteLine( _
                "Section {0} is already unprotected.", _
                connStrings.SectionInformation.Name)
         End If
      
      Else
            Console.WriteLine( _
            "Can't get the section {0}", _
            connStrings.SectionInformation.Name)
      End If
   End Sub
   
   
   
    Public Shared Sub Main(ByVal args() As String)

        Dim selection As String = String.Empty

        If args.Length = 0 Then
            Console.WriteLine( _
            "Select protect or unprotect")
            Return
        End If

        selection = args(0).ToLower()

        Select Case selection
            Case "protect"
                ProtectConfiguration()

            Case "unprotect"
                UnProtectConfiguration()

            Case Else
                Console.WriteLine( _
                "Unknown selection")
        End Select

        Console.Read()
    End Sub

End Class

下面的示例演示了加密后配置文件中的摘录。The following example shows an excerpt from a configuration file after encryption.

<?xml version="1.0" encoding="utf-8"?>  
<configuration>  
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">  
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"  
        xmlns="http://www.w3.org/2001/04/xmlenc#">  
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />  
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">  
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">  
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />  
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">  
            <KeyName>Rsa Key</KeyName>  
          </KeyInfo>  
          <CipherData>  
            <CipherValue>B702tRDVHJjC3CYXt7I0ucCDjdht/Vyk/DdUhwQyt7vepSD85dwCP8ox9Y1BUdjajFeTFfFBsGypbli5HPGRYamQdrVkPo07bBBXNT5H02qxREguGUU4iDtV1Xp8BLVZjQMV4ZgP6Wbctw2xRvPC7GvKHLI4fUN/Je5LmutsijA=</CipherValue>  
          </CipherData>  
        </EncryptedKey>  
      </KeyInfo>  
      <CipherData>  
        <CipherValue>ME+XJA2TAj3QN3yT4pJq3sRArC0i7Cz3Da71BkaRe9QNfuVuUjcv0jeGUN4wDdOAZ7LPq6UpVrpirY3kQcALDvPJ5nKxk++Mw75rjtIO8eh2goTY9rCK6zanfzaDshFy7IqItpvs/y2kmij25nM3ury6uO0hCf0UbEL1mbT2jXDqvcrHZUobO1Ef6bygBZ/8HpU+VfF9CTCob/BBE9zUkK37EQhcduwsnzBvDblYbF/Rd+F4lxAkZnecGLfCZjOzJB4xH1a0vvWtPR7zNwL/7I0uHzQjyMdWrkBnotMjoR70R7NELBotCogWO0MBimncKigdR3dTTdrCd72a7UJ4LMlEQaZXGIJp4PIg6qVDHII=</CipherValue>  
      </CipherData>  
    </EncryptedData>  
  </connectionStrings>  
</configuration>  

注解

RsaProtectedConfigurationProvider类提供一种方法来加密存储在配置文件中的敏感信息,这有助于防止未经授权的访问。The RsaProtectedConfigurationProvider class gives you a way to encrypt sensitive information stored in a configuration file, which helps protect it from unauthorized access. 通过在配置文件中声明RsaProtectedConfigurationProvider提供程序和设置适当的设置,而不是创建此类的实例,可以使用内置实例,如 "示例" 部分所示。You use the built-in RsaProtectedConfigurationProvider instance by declaring the provider and making appropriate settings in the configuration file instead of creating an instance of this class, as shown in the Examples section.

对象使用由RSA类提供的加密功能来加密和解密配置节。 RsaProtectedConfigurationProviderThe RsaProtectedConfigurationProvider object uses the cryptography functions provided by RSA class to encrypt and decrypt configuration sections.

备注

在 ASP.NET 可以对配置文件中的加密信息进行解密之前,ASP.NET 应用程序的标识必须对用于加密和解密配置数据的加密密钥具有读取访问权限。Before ASP.NET can decrypt encrypted information in your configuration file, the identity of your ASP.NET application must have read access to the encryption key used to encrypt and decrypt the configuration data. 有关详细信息,请参见演练:使用受保护的配置加密配置信息。For more information, see Walkthrough: Encrypting Configuration Information Using Protected Configuration.

构造函数

RsaProtectedConfigurationProvider()

初始化 RsaProtectedConfigurationProvider 类的新实例。Initializes a new instance of the RsaProtectedConfigurationProvider class.

属性

CspProviderName

获取 Windows 加密 API(加密 API)加密服务提供程序 (CSP) 的名称。Gets the name of the Windows cryptography API (crypto API) cryptographic service provider (CSP).

Description

获取一条简短的易懂描述,它适合在管理工具或其他用户界面 (UI) 中显示。Gets a brief, friendly description suitable for display in administrative tools or other user interfaces (UIs).

(继承自 ProviderBase)
KeyContainerName

获取密钥容器的名称。Gets the name of the key container.

Name

获得一个友好名称,用于在配置过程中引用提供程序。Gets the friendly name used to refer to the provider during configuration.

(继承自 ProviderBase)
RsaPublicKey

获取提供程序使用的公钥。Gets the public key used by the provider.

UseFIPS

获取一个值,该值指示句柄是否已关闭。Gets a value indicating whether the provider uses FIPS.

UseMachineContainer

获取一个值,该值指示 RsaProtectedConfigurationProvider 对象是否正在使用计算机密钥容器。Gets a value that indicates whether the RsaProtectedConfigurationProvider object is using the machine key container.

UseOAEP

获取一个值,该值指示提供程序是否正在使用最优不对称加密填充 (OAEP) 密钥交换数据。Gets a value that indicates whether the provider is using Optimal Asymmetric Encryption Padding (OAEP) key exchange data.

方法

AddKey(Int32, Boolean)

将密钥添加到 RSA 密钥容器中。Adds a key to the RSA key container.

Decrypt(XmlNode)

解密传递给它的 XML 节点。Decrypts the XML node passed to it.

DeleteKey()

从 RSA 密钥容器中移除密钥。Removes a key from the RSA key container.

Encrypt(XmlNode)

加密传递给它的 XML 节点。Encrypts the XML node passed to it.

Equals(Object)

确定指定的对象是否等于当前对象。Determines whether the specified object is equal to the current object.

(继承自 Object)
ExportKey(String, Boolean)

从密钥容器中导出 RSA 密钥。Exports an RSA key from the key container.

GetHashCode()

用作默认哈希函数。Serves as the default hash function.

(继承自 Object)
GetType()

获取当前实例的 TypeGets the Type of the current instance.

(继承自 Object)
ImportKey(String, Boolean)

将 RSA 密钥导入到密钥容器中。Imports an RSA key into the key container.

Initialize(String, NameValueCollection)

使用默认设置初始化提供程序。Initializes the provider with default settings.

MemberwiseClone()

创建当前 Object 的浅表副本。Creates a shallow copy of the current Object.

(继承自 Object)
ToString()

返回一个表示当前对象的 string。Returns a string that represents the current object.

(继承自 Object)

安全性

SecurityPermission
获取对受权限保护的资源的完全访问权限。for full access to the resource protected by the permission. DemandDemand.

适用于

另请参阅