.netCore WebAPI中字符串加密与解密

In today's digital landscape, securing sensitive information is more critical than ever. If you're using ASP.NET Core, you might store configuration settings in appsettings.json. However, hardcoding sensitive data like connection strings or API keys in plain text can expose your application to serious risks.

ASP.NET Core has built-in support for encryption through its Data Protection API. This can be used to secure sensitive information. The Data Protection API in ASP.NET Core allows you to easily encrypt and decrypt sensitive data, such as user information, and configuration settings. This article will guide you through encrypting and decrypting sensitive information using ASP.NET Core Data Protection API in your application.

ASP.NET Core includes the Data Protection API by default. You do not need to install additional packages unless you're storing keys externally (like Azure or Redis). Below are detailed steps for using this Data Protection API to protect sensitive information.

  1. 定义加解密封装类
csharp 复制代码
using Microsoft.AspNetCore.DataProtection;

namespace EncrytionAndDecryption
{
    public class EncryptionService
    {
        private readonly IDataProtector _protector;

        // Constructor to initialize the IDataProtector using dependency injection
        public EncryptionService(IDataProtectionProvider provider)
        {
            // 'MyPurpose' is a unique string that ensures different protection policies for different purposes
            _protector = provider.CreateProtector("MyPurpose");
        }

        // Method to encrypt plain text data
        public string EncryptData(string plainText)
        {
            return _protector.Protect(plainText);
        }

        // Method to decrypt the encrypted data
        public string DecryptData(string encryptedData)
        {
            try
            {
                return _protector.Unprotect(encryptedData);
            }
            catch (Exception ex)
            {
                // If decryption fails (e.g., data is tampered or invalid), handle the exception
                return $"Decryption failed: {ex.Message}";
            }
        }
    }
}
  1. DI配置
csharp 复制代码
//第一次运行使用这个配置,会在运行路径生成一个xml的key文件
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test");

//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
//builder.Services.AddDataProtection()
//            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
//            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();

// Register the EncryptionService for dependency injection
builder.Services.AddScoped<EncryptionService>();
  1. 添加controller
csharp 复制代码
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace EncrytionAndDecryption.Controllers
{
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class EnDeController : ControllerBase
    {
        private readonly EncryptionService _encryptionService;

        public EnDeController(EncryptionService encryptionService)
        {
            _encryptionService = encryptionService;
        }

        // Action to encrypt sensitive data
        [HttpPost]
        public IActionResult EncryptData(string sensitiveData)
        {
            // Call the EncryptData method to encrypt the input
            var encryptedData = _encryptionService.EncryptData(sensitiveData);

            // For demonstration purposes, return the encrypted data to the view
            return Content($"Encrypted data: {encryptedData}");
        }

        // Action to decrypt previously encrypted data
        [HttpPost]
        public IActionResult DecryptData(string encryptedData)
        {
            // Call the DecryptData method to decrypt the encrypted data
            var decryptedData = _encryptionService.DecryptData(encryptedData);

            // For demonstration purposes, return the decrypted data to the view
            return Content($"Decrypted data: {decryptedData}");
        }
    }
}
  1. 发布
    发布之前将DI修改如下。并将之前生成的xml文件copy到发布路径下
csharp 复制代码
//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();
  1. 运行
bash 复制代码
dotnet EncrytionAndDecryption.dll --urls "http://localhost:8888"

https://github.com/xdqt/asp.net-core/tree/master/EncrytionAndDecryption

设置存储key的路径

相关推荐
*长铗归来*6 小时前
ASP.NET Core Web API 中控制器操作的返回类型及Swagger
后端·c#·asp.net·.netcore
IDOlaoluo6 小时前
VS2017 安装 .NET Core 2.2 SDK 教程(包括 dotnet-sdk-2.2.108-win-x64.exe 安装步骤)
.netcore
csdn_aspnet8 天前
使用 Entity Framework Code First 方法创建 ASP.NET Core 5.0 Web API
.netcore·webapi
小先生8128 天前
.NET Core项目中 Serilog日志文件配置
c#·.netcore
爱吃香蕉的阿豪8 天前
.NET Core 中 System.Text.Json 与 Newtonsoft.Json 深度对比:用法、性能与场景选型
数据库·json·.netcore
csdn_aspnet8 天前
ASP.NET Core 10.0 的主要变化
.netcore
csdn_aspnet11 天前
在 C# .NETCore 中使用 MongoDB(第 1 部分):驱动程序基础知识和插入文档
mongodb·.netcore
csdn_aspnet11 天前
在 C# .NETCore 中使用 MongoDB(第 3 部分):跳过、排序、限制和投影
mongodb·c#·.netcore
csdn_aspnet12 天前
在 C# .NETCore 中使用 MongoDB(第 2 部分):使用过滤子句检索文档
mongodb·c#·.netcore
csdn_aspnet15 天前
.NET Core 中 RabbitMQ 和 MassTransit 的使用
rabbitmq·.netcore·masstransit