Data Protection APIs in ASP.NET
Put simply, protecting data consists of the following steps:
1. Create a data protector from a data protection provider.
2. Call the Protect method with the data you want to protect.
3. Call the Unprotect method with the data you want to convert into plain text.
Most frameworks such as ASP.NET or SignalR configure the data protection system
and add it to a service container that you access via dependency injection. The following
sample demonstrates configuring a service container for dependency injection and registering
the data protection stack, receiving the data protection provider via DI, creating a
protector and protecting data.
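    using System;
    using Microsoft.AspNetCore.DataProtection;
    using Microsoft.Extensions.DependencyInjection;

    public class Program
    {
        public static void Main(string[] args)
        {
            // add data protection services
            var serviceCollection = new ServiceCollection();
            serviceCollection.AddDataProtection();
            var services = serviceCollection.BuildServiceProvider();

            // create an instance of MyClass using the service provider
            var instance = ActivatorUtilities.CreateInstance<MyClass>(services);
            instance.RunSample();
        }

        public class MyClass
        {
            IDataProtector _protector;

            // the 'provider' parameter is provided by DI
            public MyClass(IDataProtectionProvider provider)
            {
                // "Example.MyClass.v1" is an assumed purpose string, used here as a placeholder
                _protector = provider.CreateProtector("Example.MyClass.v1");
            }

            public void RunSample()
            {
                // protect a payload, then recover it with the same protector
                string protectedPayload = _protector.Protect("sample input");
                Console.WriteLine($"Protect returned: {protectedPayload}");
                Console.WriteLine($"Unprotect returned: {_protector.Unprotect(protectedPayload)}");
            }
        }
    }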
When you create a protector you should provide one or more purpose strings. A
purpose string provides isolation between consumers: for instance, a protector created
with a purpose string of “green” would not be able to unprotect data provided by a
protector with a purpose of “purple”.
Instances of IDataProtectionProvider and IDataProtector are thread-safe for multiple
callers. The intent is that once a component gets a reference to an IDataProtector via a call to
CreateProtector, it will use that reference for multiple calls to Protect and Unprotect.
A call to Unprotect will throw CryptographicException if the protected payload cannot
be verified or deciphered. Some components might wish to ignore errors during unprotect operations;
a component which reads authentication cookies might handle this error and treat the request
as if it had no cookie at all rather than fail the request.
An overview of consumer APIs
The IDataProtectionProvider and IDataProtector interfaces are the fundamental
interfaces through which consumers use the data protection system. They are located in the
Microsoft.AspNetCore.DataProtection.Interfaces package.
IDataProtectionProvider
The provider interface is the root of the data protection system. It cannot be used
directly to protect or unprotect data. Instead, the consumer must get a reference to an
IDataProtector by calling IDataProtectionProvider.CreateProtector(purpose), where the
purpose is a string that describes the intended consumer use case.
IDataProtector
The protector interface is returned by a call to CreateProtector, and it is this interface
which consumers use to perform protect and unprotect operations.
To protect a piece of data, pass the data to the Protect method. The basic interface
defines a method which converts byte[] -> byte[], but there is also an overload which
converts string -> string. The security given by the two methods is similar; the
developer should select whichever overload is most convenient for the use case. Irrespective of
the overload selected, the value returned by the Protect method is now protected and the
application can send it to an untrusted client.
To unprotect a previously protected piece of data, pass the protected data to
the Unprotect method. If the protected payload was produced by an earlier call to Protect
on this same IDataProtector, the Unprotect method will return the original unprotected
payload. If the protected payload has been tampered with or was produced by a different
IDataProtector, the Unprotect method will throw CryptographicException.
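The purpose-string isolation and the Unprotect failure behaviour described above, as an added example that is not code from the original page. The purposes "green" and "purple" come from the text; the TryUnprotect and Report helpers and the sample payload are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class PurposeIsolationSample
{
    // Hypothetical helper: returns false instead of throwing when the payload
    // fails validation, so a caller can treat it like a missing cookie.
    static bool TryUnprotect(IDataProtector protector, byte[] payload, out string plaintext)
    {
        try
        {
            plaintext = Encoding.UTF8.GetString(protector.Unprotect(payload));
            return true;
        }
        catch (CryptographicException)
        {
            plaintext = string.Empty;
            return false;
        }
    }

    static void Report(string label, IDataProtector protector, byte[] payload)
    {
        bool ok = TryUnprotect(protector, payload, out string plaintext);
        Console.WriteLine(ok ? $"{label}: accepted, value = {plaintext}" : $"{label}: rejected");
    }

    public static void Main()
    {
        var serviceCollection = new ServiceCollection();
        serviceCollection.AddDataProtection();
        var provider = serviceCollection.BuildServiceProvider()
            .GetRequiredService<IDataProtectionProvider>();

        IDataProtector green = provider.CreateProtector("green");
        IDataProtector purple = provider.CreateProtector("purple");

        // Constructed sample value, protected under the "green" purpose.
        byte[] payload = green.Protect(Encoding.UTF8.GetBytes("user=alice"));

        // Flip one bit in the final byte to simulate tampering by the client.
        byte[] tampered = (byte[])payload.Clone();
        tampered[tampered.Length - 1] ^= 0x01;

        Report("same protector", green, payload);
        Report("different purpose", purple, payload);
        Report("tampered payload", green, tampered);
    }
}
```

Only the first call recovers the value; the other two fail inside Unprotect with CryptographicException, which the helper converts into a rejection.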