Is it possible to protect one element in the appSettings section instead of the entire section?

I would like to protect one key/value pair in my applications, but not others, using something similar to what was previously done with the ProtectSection method, as shown below.

    var configurationSection = config.GetSection("appSettings");
    configurationSection.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

Ideally, I would like to do something like the following:

    var configurationElement = config.GetSection("appSettings").GetElement("Protected");
    configurationElement.ElementInformation.ProtectElement("DataProtectionConfigurationProvider");

Here is an example appSettings I'm working on:

    <configuration>
      <appSettings>
        <add key="Unprotected" value="ChangeMeFreely" />
        <add key="Protected" value="########"/>
      </appSettings>
    </configuration>

I searched, but did not find a way to do this. Is it possible?

+4
2 answers

Out of the box, .NET offers you the ability to encrypt sections, but not individual elements. However, since these are only strings, you yourself can create some scheme to encrypt the string before saving it to a file and decrypt it after reading it from the configuration file.

But it will not be transparent - you will need to do it yourself, and you must do it explicitly.

+4

I had the same problem when I needed to encrypt one value from the application settings section. I used the private EncryptText and DecryptText methods of the EncryptText class, which allowed me to encrypt any text values, and not necessarily configuration items.

Here is a helper class:

    using System.Configuration;
    using System.Reflection;

    public class WebConfigEncryption
    {
        private readonly DpapiProtectedConfigurationProvider _provider;
        private readonly MethodInfo _encryptTextMethod;
        private readonly MethodInfo _decryptTextMethod;

        public WebConfigEncryption()
        {
            _provider = new DpapiProtectedConfigurationProvider();
            // EncryptText and DecryptText are private, so they are looked up via reflection.
            _encryptTextMethod = _provider.GetType().GetMethod("EncryptText", BindingFlags.Instance | BindingFlags.NonPublic);
            _decryptTextMethod = _provider.GetType().GetMethod("DecryptText", BindingFlags.Instance | BindingFlags.NonPublic);
        }

        // Returns the DPAPI-encrypted form of value, or null if value is null.
        public string Encrypt(string value)
        {
            var encryptedValue = value != null ? (string)_encryptTextMethod.Invoke(_provider, new object[] { value }) : null;
            return encryptedValue;
        }

        // Returns the decrypted form of value, or null if value is null.
        public string Decrypt(string value)
        {
            var decryptedValue = value != null ? (string)_decryptTextMethod.Invoke(_provider, new object[] { value }) : null;
            return decryptedValue;
        }
    }

Usage example:

    [Test]
    public void EncryptDecryptTest()
    {
        var instance = new WebConfigEncryption();
        var encrypted = instance.Encrypt("123");
        var decrypted = instance.Decrypt(encrypted);
        Assert.That(decrypted, Is.EqualTo("123"));
    }

Also, if you have access to XmlNode or XmlElement instances, you can use the public methods of the provider class: DpapiProtectedConfigurationProvider.Encrypt(XmlNode) and DpapiProtectedConfigurationProvider.Decrypt(XmlNode) instead of reflection.

0
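An added example (not part of either answer above) of the do-it-yourself scheme the first answer describes, using the public ProtectedData DPAPI API instead of reflection on the provider's private methods. The `dpapi:` prefix, the entropy string and the class names are assumptions; the key names come from the question's sample config, and the code assumes a .NET Framework executable with its own .config file.

```csharp
using System;
using System.Configuration;            // reference System.Configuration.dll
using System.Security.Cryptography;    // ProtectedData: reference System.Security.dll
using System.Text;

public static class ProtectedAppSetting
{
    // Assumed marker that tells protected values apart from plain ones.
    private const string Prefix = "dpapi:";
    // Assumed per-application entropy; it is not a secret, it only binds blobs to this app.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("MyApp.appSettings.v1");

    public static string Protect(string plainText, DataProtectionScope scope)
    {
        byte[] blob = ProtectedData.Protect(Encoding.UTF8.GetBytes(plainText), Entropy, scope);
        return Prefix + Convert.ToBase64String(blob);
    }

    public static string Unprotect(string stored, DataProtectionScope scope)
    {
        if (stored == null || !stored.StartsWith(Prefix, StringComparison.Ordinal))
            return stored; // plain value, returned unchanged
        byte[] blob = Convert.FromBase64String(stored.Substring(Prefix.Length));
        // Throws CryptographicException on a modified blob or a different user, machine or entropy.
        return Encoding.UTF8.GetString(ProtectedData.Unprotect(blob, Entropy, scope));
    }

    // Encrypts one appSettings value in place and leaves every other key untouched.
    public static void ProtectKey(Configuration config, string key, DataProtectionScope scope)
    {
        KeyValueConfigurationElement element = config.AppSettings.Settings[key];
        if (element == null) throw new ConfigurationErrorsException("Missing appSettings key: " + key);
        if (element.Value.StartsWith(Prefix, StringComparison.Ordinal)) return; // already protected
        element.Value = Protect(element.Value, scope);
        config.Save(ConfigurationSaveMode.Modified);
    }
}

public static class Program
{
    public static void Main()
    {
        // LocalMachine: any process on this machine can decrypt; CurrentUser binds to the Windows account.
        var scope = DataProtectionScope.LocalMachine;
        Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ProtectedAppSetting.ProtectKey(config, "Protected", scope);
        ConfigurationManager.RefreshSection("appSettings");
        string secret = ProtectedAppSetting.Unprotect(ConfigurationManager.AppSettings["Protected"], scope);
        Console.WriteLine("{0} / secret length {1}", ConfigurationManager.AppSettings["Unprotected"], secret.Length);
    }
}
```

The protected value can only be decrypted on the machine (or by the account) that encrypted it, so it has to be re-protected after the config file is copied to another host.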

Source: https://habr.com/ru/post/1308279/

