static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "SimpleFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { options.SetApplicationName(appName); }); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); Console.ReadLine(); }
public static void Main(string[] args) { // get the path to %LOCALAPPDATA%\myapp-keys string destFolder = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "myapp-keys"); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider( new DirectoryInfo(destFolder), configuration => { configuration.SetApplicationName("my app name"); configuration.ProtectKeysWithDpapi(); }); var protector = dataProtectionProvider.CreateProtector("Program.No-DI"); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); }
public static void Main(string[] args) { // create a protector for my application var provider = new DataProtectionProvider(new DirectoryInfo(@"c:\myapp-keys\")); var baseProtector = provider.CreateProtector("Contoso.TimeLimitedSample"); // convert the normal protector into a time-limited protector var timeLimitedProtector = baseProtector.ToTimeLimitedDataProtector(); // get some input and protect it for five seconds Console.Write("Enter input: "); string input = Console.ReadLine(); string protectedData = timeLimitedProtector.Protect(input, lifetime: TimeSpan.FromSeconds(5)); Console.WriteLine($"Protected data: {protectedData}"); // unprotect it to demonstrate that round-tripping works properly string roundtripped = timeLimitedProtector.Unprotect(protectedData); Console.WriteLine($"Round-tripped data: {roundtripped}"); // wait 6 seconds and perform another unprotect, demonstrating that the payload self-expires Console.WriteLine("Waiting 6 seconds..."); Thread.Sleep(6000); timeLimitedProtector.Unprotect(protectedData); }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "X509ProtectedFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // Normally you'd have the certificate in the user certificate store, this is just for demo purposes. // Don't hardcode certificate passwords! // Certificate was generated with // makecert -r -pe -n "CN=Data Protection" -b 07/01/2015 -e 07/01/2020 -sky exchange -eku 1.3.6.1.4.1.311.10.3.12 -ss my var encryptingCertificate = new X509Certificate2( "protectionCertificate.pfx", "password", X509KeyStorageFlags.UserKeySet | X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); // You must put the cert in the store for unprotect to work. This is a limitation of the EncryptedXml class used to store the cert. var store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(encryptingCertificate); store.Close(); // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { // As we're using a self signed certificate we need to provide an instance of the certificate. // Thumb-print look-ups are restricted to "valid" certs (i.e. ones chained to a trusted root and which haven't expired) options.ProtectKeysWithCertificate(encryptingCertificate); options.SetApplicationName(appName); } ); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); // Clean up certificate store. store = new X509Store(StoreName.My, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Remove(encryptingCertificate); Console.ReadLine(); }
public static IAppBuilder UseCookieAuthentication( this IAppBuilder app, CookieAuthenticationOptions options, DataProtectionProvider dataProtectionProvider, PipelineStage stage = PipelineStage.Authenticate) { var dataProtector = dataProtectionProvider.CreateProtector( "Microsoft.AspNet.Authentication.Cookies.CookieAuthenticationMiddleware", // full name of the ASP.NET 5 type options.AuthenticationType, "v2"); options.TicketDataFormat = new AspNetTicketDataFormat(new DataProtectorShim(dataProtector)); return app.UseCookieAuthentication(options, stage); }
static void Main(string[] args) { const string keyStore = "dataProtectionSamples"; const string appName = "X509ProtectedFileSystemNoDI"; const string purpose = "Demonstration"; var programKeyStore = Path.Combine( Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), $"{keyStore}\\{appName}"); Console.WriteLine($"Keys stored in\n{programKeyStore}"); // Certificate was generated with // makecert -r -pe -n "CN=Data Protection" -b 07/01/2015 -e 07/01/2020 -sky exchange -eku 1.3.6.1.4.1.311.10.3.12 -ss my var certificateStore = new X509Store(StoreLocation.CurrentUser); certificateStore.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly); var encryptingCertificates = certificateStore.Certificates.Find( X509FindType.FindBySubjectDistinguishedName, "CN=Data Protection", false); // Must be false for self signed certs. certificateStore.Close(); if (encryptingCertificates == null || encryptingCertificates.Count == 0) { Console.WriteLine("Couldn't find the encryption certificate."); Environment.Exit(-1); } var encryptingCertificate = encryptingCertificates[0]; if (encryptingCertificate.PrivateKey == null) { Console.WriteLine("No private key available."); Environment.Exit(-1); } // instantiate the data protection system at this folder var dataProtectionProvider = new DataProtectionProvider(new DirectoryInfo(programKeyStore), options => { // As we're using a self signed certificate we need to provide an instance of the certificate. // Thumb-print look-ups are restricted to "valid" certs (i.e. ones chained to a trusted root and which haven't expired) options.ProtectKeysWithCertificate(encryptingCertificate); options.SetApplicationName(appName); } ); var protector = dataProtectionProvider.CreateProtector(purpose); Console.Write("Enter input: "); string input = Console.ReadLine(); // protect the payload string protectedPayload = protector.Protect(input); Console.WriteLine($"Protect returned: {protectedPayload}"); // unprotect the payload string unprotectedPayload = protector.Unprotect(protectedPayload); Console.WriteLine($"Unprotect returned: {unprotectedPayload}"); Console.ReadLine(); }