.netCore WebAPI中字符串加密与解密

In today's digital landscape, securing sensitive information is more critical than ever. If you're using ASP.NET Core, you might store configuration settings in appsettings.json. However, hardcoding sensitive data like connection strings or API keys in plain text can expose your application to serious risks.

ASP.NET Core has built-in support for encryption through its Data Protection API. This can be used to secure sensitive information. The Data Protection API in ASP.NET Core allows you to easily encrypt and decrypt sensitive data, such as user information, and configuration settings. This article will guide you through encrypting and decrypting sensitive information using ASP.NET Core Data Protection API in your application.

ASP.NET Core includes the Data Protection API by default. You do not need to install additional packages unless you're storing keys externally (like Azure or Redis). Below are detailed steps for using this Data Protection API to protect sensitive information.

  1. 定义加解密封装类
csharp 复制代码
using Microsoft.AspNetCore.DataProtection;

namespace EncrytionAndDecryption
{
    public class EncryptionService
    {
        private readonly IDataProtector _protector;

        // Constructor to initialize the IDataProtector using dependency injection
        public EncryptionService(IDataProtectionProvider provider)
        {
            // 'MyPurpose' is a unique string that ensures different protection policies for different purposes
            _protector = provider.CreateProtector("MyPurpose");
        }

        // Method to encrypt plain text data
        public string EncryptData(string plainText)
        {
            return _protector.Protect(plainText);
        }

        // Method to decrypt the encrypted data
        public string DecryptData(string encryptedData)
        {
            try
            {
                return _protector.Unprotect(encryptedData);
            }
            catch (Exception ex)
            {
                // If decryption fails (e.g., data is tampered or invalid), handle the exception
                return $"Decryption failed: {ex.Message}";
            }
        }
    }
}
  1. DI配置
csharp 复制代码
//第一次运行使用这个配置,会在运行路径生成一个xml的key文件
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test");

//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
//builder.Services.AddDataProtection()
//            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
//            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();

// Register the EncryptionService for dependency injection
builder.Services.AddScoped<EncryptionService>();
  1. 添加controller
csharp 复制代码
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace EncrytionAndDecryption.Controllers
{
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class EnDeController : ControllerBase
    {
        private readonly EncryptionService _encryptionService;

        public EnDeController(EncryptionService encryptionService)
        {
            _encryptionService = encryptionService;
        }

        // Action to encrypt sensitive data
        [HttpPost]
        public IActionResult EncryptData(string sensitiveData)
        {
            // Call the EncryptData method to encrypt the input
            var encryptedData = _encryptionService.EncryptData(sensitiveData);

            // For demonstration purposes, return the encrypted data to the view
            return Content($"Encrypted data: {encryptedData}");
        }

        // Action to decrypt previously encrypted data
        [HttpPost]
        public IActionResult DecryptData(string encryptedData)
        {
            // Call the DecryptData method to decrypt the encrypted data
            var decryptedData = _encryptionService.DecryptData(encryptedData);

            // For demonstration purposes, return the decrypted data to the view
            return Content($"Decrypted data: {decryptedData}");
        }
    }
}
  1. 发布
    发布之前将DI修改如下。并将之前生成的xml文件copy到发布路径下
csharp 复制代码
//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();
  1. 运行
bash 复制代码
dotnet EncrytionAndDecryption.dll --urls "http://localhost:8888"

https://github.com/xdqt/asp.net-core/tree/master/EncrytionAndDecryption

设置存储key的路径

相关推荐
棉晗榜15 天前
C# .net core添加单元测试项目,依赖注入接口测试
单元测试·c#·.netcore
时光追逐者15 天前
.NET初级软件工程师面试经验分享
经验分享·面试·职场和发展·c#·.net·.netcore
忧郁的蛋~17 天前
.NET Core 实现缓存的预热的方式
缓存·c#·.net·.netcore
csdn_aspnet18 天前
C# .NET Core 源代码生成器(dotnet source generators)
c#·.netcore
时光追逐者18 天前
C#/.NET/.NET Core技术前沿周刊 | 第 42 期(2025年6.9-6.15)
c#·.net·.netcore
csdn_aspnet19 天前
使用 C# 源生成器(Source Generators)进行高效开发:增强 Blazor 及其他功能
c#·.netcore
lgaof65822@gmail.com21 天前
Asp.Net Core SignalR导入数据
前端·后端·asp.net·.netcore
眸笑丶21 天前
.NET Core 数据库连接字符串加密与解密
数据库·oracle·.netcore
时光追逐者23 天前
C#/.NET/.NET Core技术前沿周刊 | 第 41 期(2025年6.1-6.8)
c#·.net·.netcore
lgaof65822@gmail.com1 个月前
ASP.NET Core SignalR - 部分客户端消息发送
后端·asp.net·.netcore