Data Protection APIs In Asp.Net
To be simple, protecting data has the following steps:
1. Create a data protector from a d...
using System;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
public class Prog...
{
_protector = provider.CreateProtector("Contoso.MyClass.v1");
}
public void RunSample()
{
Console.Write("Enter input: ");...
When you design a protector you should provide one or more Purpose Strings. A
purpose string gives isolation between consu...
the overload selected, the value returned by the Protect method is now protected and the
application can send it to an unt...
Próxima SlideShare
Cargando en…5
×

Data protection api's in asp dot net

55 visualizaciones

Publicado el

Most frameworks such as ASP.NET or SignalR configures the data protection system and sum it to a service container you approach via dependency injection. The following sample explains configuring a service container for dependency injection and listing the data protection stack, receiving the data protection provider via DI, developing a protector and protecting the unprotected data

Publicado en: Educación
0 comentarios
0 recomendaciones
Estadísticas
Notas
  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Sin descargas
Visualizaciones
Visualizaciones totales
55
En SlideShare
0
De insertados
0
Número de insertados
1
Acciones
Compartido
0
Descargas
2
Comentarios
0
Recomendaciones
0
Insertados 0
No insertados

No hay notas en la diapositiva.

Data protection api's in asp dot net

  1. 1. Data Protection APIs In Asp.Net To be simple, protecting data has the following steps: 1. Create a data protector from a data protection provider. 2. Call the Protect method with the data you want to protect. 3. Call the Unprotect method with the data you want to convert into plain text. Most frameworks such as ASP.NET or SignalR configures the data protection system and sum it to a service container you approach via dependency injection. The following sample explains configuring a service container for dependency injection and listing the data protection stack, receiving the data protection provider via DI, developing a protector and protecting the unprotected data
  2. 2. using System; using Microsoft.AspNetCore.DataProtection; using Microsoft.Extensions.DependencyInjection; public class Program { public static void Main(string[] args) { // add data protection services var serviceCollection = new ServiceCollection(); serviceCollection.AddDataProtection(); var services = serviceCollection.BuildServiceProvider(); // create an instance of MyClass using the service provider var instance = ActivatorUtilities.CreateInstance<MyClass>(services); instance.RunSample(); } public class MyClass { IDataProtector _protector; // the 'provider' parameter is provided by DI public MyClass(IDataProtectionProvider provider)
  3. 3. { _protector = provider.CreateProtector("Contoso.MyClass.v1"); } public void RunSample() { Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = _protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = _protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); } } } /* * SAMPLE OUTPUT * * Enter input: Hello world! * Protect returned: CfDJ8ICcgQwZZhlAlTZT...OdfH66i1PnGmpCR5e441xQ * Unprotect returned: Hello world!
  4. 4. When you design a protector you should provide one or more Purpose Strings. A purpose string gives isolation between consumers, for instance, a protector designed with a purpose string of “green” would not be able to unprotect data provided by a protector with a purpose of “purple”. Examples of IDataProtectionProvider and IDataProtector are thread-safe for many callers. It is said that once a component gets a reference to an IDataProtector via a call to CreateProtector, it will use that reference for multi calls to Protect and Unprotect. A call to Unprotect will throw CryptographicException if the protected payload cannot be evaluated. Some components might wish to ignore errors during unprotect operations; a component which reads genuine cookies might handle this error and treat the request as if it had no cookie at all rather than fail the request. An overview of consumer APIs The IDataProtectionProvider and IDataProtector interfaces are the fundamental interfaces via which consumers use the data protection method. They are located in the Microsoft.AspNetCore.DataProtection.Interfaces. IDataProtectionProvider Now the provider interface is the root of the data protection system. It cannot be directly used to protect or unprotect data. In spite, the consumer must get a reference to an IDataProtector by calling IDataProtectionProvider.CreateProtector(purpose), where the purpose is a string that defines the intended consumer use case. IDataProtector This protector interface is returned by a call to CreateProtector, and it is this interface which consumers can utilize to do protect and unprotect operations. To protect a piece of data, pass the data to the Protect method. The basic interface explains a method which transforms byte[] -> byte[], but there is also an overload which transforms string -> string. The security given by the two methods is similar; the developer should select whichever overload is most easy for the use case. Irrespective of
  5. 5. the overload selected, the value returned by the Protect method is now protected and the application can send it to an untrusted client. In order to unprotect a previously-protected piece of data, then pass the protected data to the Unprotect method. If the covered payload was produced by an earlier call to Protect on this same IDataProtector, Unprotect method will give the original unprotected payload. If the protected payload has been interfered with or was yielded by a different IDataProtector, the Unprotect method will give CryptographicException. If you are interested in learning .Net and enroll yourself in ASP.NET training, then CRB Tech Solutions would be of help. We update ourself with the current changes in ASP.Net course. Stay linked to the page of CRB Tech reviews for more technical optimization and other resources.

×