public static void Main(string[] args) { // get the path to %LOCALAPPDATA%\myapp-keys string destFolder = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "myapp-keys"); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider( new DirectoryInfo(destFolder), configuration => { configuration.SetApplicationName("my app name"); configuration.ProtectKeysWithDpapi(); }); var protector = dataProtectionProvider.CreateProtector("Program.No-DI"); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); }
internal static IDataProtectionProvider GetDataProtectionProvider() { IDataProtectionProvider dataProtectionProvider = null; DirectoryInfo azureWebSitesKeysFolder = GetKeyStorageDirectoryForAzureWebSites(); if (azureWebSitesKeysFolder != null) { // TODO: look for a X509 Cert Thumbprint and if found wire that up. Otherwise log stern warning dataProtectionProvider = new DataProtectionProvider( azureWebSitesKeysFolder, options => { options.SetApplicationName(ApplicationName); }); azureWebSitesKeysFolder.Create(); return dataProtectionProvider; } DirectoryInfo localAppDataKeysFolder = GetDefaultKeyStorageDirectory(); if (localAppDataKeysFolder != null) { dataProtectionProvider = new DataProtectionProvider( localAppDataKeysFolder, options => { options.SetApplicationName(ApplicationName); options.ProtectKeysWithDpapi(); }); localAppDataKeysFolder.Create(); return dataProtectionProvider; } return null; }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "SimpleFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { options.SetApplicationName(appName); }); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); Console.ReadLine(); }
public static void Main(string[] args) { // create a protector for my application var provider = new DataProtectionProvider(new DirectoryInfo(@"c:\myapp-keys\")); var baseProtector = provider.CreateProtector("Contoso.TimeLimitedSample"); // convert the normal protector into a time-limited protector var timeLimitedProtector = baseProtector.ToTimeLimitedDataProtector(); // get some input and protect it for five seconds Console.Write("Enter input: "); string input = Console.ReadLine(); string protectedData = timeLimitedProtector.Protect(input, lifetime: TimeSpan.FromSeconds(5)); Console.WriteLine($"Protected data: {protectedData}"); // unprotect it to demonstrate that round-tripping works properly string roundtripped = timeLimitedProtector.Unprotect(protectedData); Console.WriteLine($"Round-tripped data: {roundtripped}"); // wait 6 seconds and perform another unprotect, demonstrating that the payload self-expires Console.WriteLine("Waiting 6 seconds..."); Thread.Sleep(6000); timeLimitedProtector.Unprotect(protectedData); }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "X509ProtectedFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // Normally you'd have the certificate in the user certificate store, this is just for demo purposes. // Don't hardcode certificate passwords! // Certificate was generated with // makecert -r -pe -n "CN=Data Protection" -b 07/01/2015 -e 07/01/2020 -sky exchange -eku 1.3.6.1.4.1.311.10.3.12 -ss my var encryptingCertificate = new X509Certificate2( "protectionCertificate.pfx", "password", X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); // You must put the cert in the store for unprotect to work. This is a limitation of the EncryptedXml class used to store the cert. var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(encryptingCertificate); store.Close(); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { // As we're using a self signed certificate we need to provide an instance of the certificate. // Thumb-print look-ups are restricted to "valid" certs (i.e. ones chained to a trusted root and which haven't expired) options.ProtectKeysWithCertificate(encryptingCertificate); options.SetApplicationName(appName); } ); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); // Clean up certificate store. store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(encryptingCertificate); Console.ReadLine(); }
public static IAppBuilder UseCookieAuthentication( this IAppBuilder app, CookieAuthenticationOptions options, DataProtectionProvider dataProtectionProvider, PipelineStage stage = PipelineStage.Authenticate) { var dataProtector = dataProtectionProvider.CreateProtector( "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type options.AuthenticationType, "v2"); options.TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)); return app.UseCookieAuthentication(options, stage); }
public TicketDataFormatTokenValidator(IDataProtectionProvider dataProtectionProvider) { if (dataProtectionProvider == null) { #if DNXCORE50 dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(Environment.GetEnvironmentVariable("Temp"))).CreateProtector("OAuth.AspNet.AuthServer"); #else dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(Environment.GetEnvironmentVariable("Temp", EnvironmentVariableTarget.Machine))).CreateProtector("OAuth.AspNet.AuthServer"); #endif } _ticketDataFormat = new TicketDataFormat(dataProtectionProvider.CreateProtector("Access_Token", "v1")); }
public void System_UsesProvidedDirectory() { WithUniqueTempDirectory(directory => { // Step 1: directory should be completely empty directory.Create(); Assert.Empty(directory.GetFiles()); // Step 2: instantiate the system and round-trip a payload var protector = new DataProtectionProvider(directory).CreateProtector("purpose"); Assert.Equal("payload", protector.Unprotect(protector.Protect("payload"))); // Step 3: validate that there's now a single key in the directory and that it's not protected var allFiles = directory.GetFiles(); Assert.Equal(1, allFiles.Length); Assert.StartsWith("key-", allFiles[0].Name, StringComparison.OrdinalIgnoreCase); string fileText = File.ReadAllText(allFiles[0].FullName); Assert.Contains("Warning: the key below is in an unencrypted form.", fileText, StringComparison.Ordinal); Assert.DoesNotContain("Windows DPAPI", fileText, StringComparison.Ordinal); }); }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "X509ProtectedFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // Certificate was generated with // makecert -r -pe -n "CN=Data Protection" -b 07/01/2015 -e 07/01/2020 -sky exchange -eku 1.3.6.1.4.1.311.10.3.12 -ss my var certificateStore = new X509Store(StoreLocation.CurrentUser); certificateStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); var encryptingCertificates = certificateStore.Certificates.Find( X509FindType.FindBySubjectDistinguishedName, "CN=Data Protection", false); // Must be false for self signed certs. certificateStore.Close(); if (encryptingCertificates == null || encryptingCertificates.Count == 0) { Console.WriteLine("Couldn't find the encryption certificate."); Environment.Exit(-1); } var encryptingCertificate = encryptingCertificates[0]; if (encryptingCertificate.PrivateKey == null) { Console.WriteLine("No private key available."); Environment.Exit(-1); } // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { // As we're using a self signed certificate we need to provide an instance of the certificate. // Thumb-print look-ups are restricted to "valid" certs (i.e. ones chained to a trusted root and which haven't expired) options.ProtectKeysWithCertificate(encryptingCertificate); options.SetApplicationName(appName); } ); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); Console.ReadLine(); }