C# (CSharp) IDataProtectionBuilder.ProtectKeysWithDpapi 예제들

예제 #1

파일: Startup.cs 프로젝트: lithnet/access-manager

        private void ConfigureDataProtection(IServiceCollection services, IAmsLicenseManager licenseManager)
        {
            var provider = services.BuildServiceProvider();
            var dataProtectionOptions = provider.GetService <IOptions <Server.Configuration.DataProtectionOptions> >();

            IDataProtectionBuilder builder = services.AddDataProtection(options =>
            {
                options.ApplicationDiscriminator = "lithnetams";
            });

            SecurityIdentifier sid = WindowsIdentity.GetCurrent().User;

            RegistryKey key = Registry.LocalMachine.CreateSubKey($"Software\\Lithnet\\Access Manager Service\\Parameters\\Keys\\{sid}");

            builder.PersistKeysToRegistry(key);

            if (dataProtectionOptions.Value.EnableClusterCompatibleSecretEncryption && licenseManager.IsFeatureEnabled(LicensedFeatures.DpapiNgSecretEncryption))
            {
                if (dataProtectionOptions.Value.EnableClusterCompatibleSecretEncryption && licenseManager.IsFeatureEnabled(LicensedFeatures.DpapiNgSecretEncryption))
                {
                    builder.ProtectKeysWithDpapiNG($"SID={sid}", Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiNGProtectionDescriptorFlags.None);
                }
                else
                {
                    builder.ProtectKeysWithDpapi(false);
                }
            }
        }

예제 #2

    public static IDataProtectionBuilder ProtectKeysWithDpapi(this IDataProtectionBuilder builder)
    {
        if (builder == null)
        {
            throw new ArgumentNullException(nameof(builder));
        }

        return(builder.ProtectKeysWithDpapi(protectToLocalMachine: false));
    }

예제 #3

        protected internal override void AddInternal(IDataProtectionBuilder builder)
        {
            if (builder == null)
            {
                throw new ArgumentNullException(nameof(builder));
            }

            builder.ProtectKeysWithDpapi(this.ProtectToLocalMachine);
        }

예제 #4

        public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, IConfiguration configuration)
        {
            var dataProtectionsOptions = configuration.Get <Aguacongas.TheIdServer.Models.DataProtectionOptions>();

            if (dataProtectionsOptions == null)
            {
                return(builder);
            }
            builder.AddKeyManagementOptions(options => configuration.GetSection(nameof(KeyManagementOptions))?.Bind(options));
            ConfigureEncryptionAlgorithm(builder, configuration);
            switch (dataProtectionsOptions.StorageKind)
            {
            case StorageKind.AzureStorage:
                builder.PersistKeysToAzureBlobStorage(new Uri(dataProtectionsOptions.StorageConnectionString));
                break;

            case StorageKind.EntityFramework:
                builder.PersistKeysToDbContext <OperationalDbContext>();
                break;

            case StorageKind.FileSytem:
                builder.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionsOptions.StorageConnectionString));
                break;

            case StorageKind.Redis:
                var redis = ConnectionMultiplexer.Connect(dataProtectionsOptions.StorageConnectionString);
                if (string.IsNullOrEmpty(dataProtectionsOptions.RedisKey))
                {
                    builder.PersistKeysToStackExchangeRedis(redis);
                    break;
                }
                builder.PersistKeysToStackExchangeRedis(redis, dataProtectionsOptions.RedisKey);
                break;

            case StorageKind.Registry:
#pragma warning disable CA1416 // Validate platform compatibility
                builder.PersistKeysToRegistry(Registry.CurrentUser.OpenSubKey(dataProtectionsOptions.StorageConnectionString));
#pragma warning restore CA1416 // Validate platform compatibility
                break;
            }
            var protectOptions = dataProtectionsOptions.KeyProtectionOptions;
            if (protectOptions != null)
            {
                switch (protectOptions.KeyProtectionKind)
                {
                case KeyProtectionKind.AzureKeyVault:
                    builder.ProtectKeysWithAzureKeyVault(protectOptions.AzureKeyVaultKeyId, protectOptions.AzureKeyVaultClientId, protectOptions.AzureKeyVaultClientSecret);
                    break;

                case KeyProtectionKind.WindowsDpApi:
                    builder.ProtectKeysWithDpapi(protectOptions.WindowsDPAPILocalMachine);
                    break;

                case KeyProtectionKind.WindowsDpApiNg:
                    ConfigureWindowsDpApiNg(builder, protectOptions);
                    break;

                case KeyProtectionKind.X509:
                    if (!string.IsNullOrEmpty(protectOptions.X509CertificatePath))
                    {
                        var certificate = SigningKeysLoader.LoadFromFile(protectOptions.X509CertificatePath, protectOptions.X509CertificatePassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
                        builder.ProtectKeysWithCertificate(certificate);
                        break;
                    }
                    builder.ProtectKeysWithCertificate(protectOptions.X509CertificateThumbprint);
                    break;
                }
            }

            return(builder);
        }

예제 #5

파일: AppBuilderExtensions.cs 프로젝트: sreepathysois/financial-app

 private static void ConfigureWindowProtection(IDataProtectionBuilder dataProtectionBuilder) => dataProtectionBuilder.ProtectKeysWithDpapi();