.netCore WebAPI中字符串加密与解密

In today's digital landscape, securing sensitive information is more critical than ever. If you're using ASP.NET Core, you might store configuration settings in appsettings.json. However, hardcoding sensitive data like connection strings or API keys in plain text can expose your application to serious risks.

ASP.NET Core has built-in support for encryption through its Data Protection API. This can be used to secure sensitive information. The Data Protection API in ASP.NET Core allows you to easily encrypt and decrypt sensitive data, such as user information, and configuration settings. This article will guide you through encrypting and decrypting sensitive information using ASP.NET Core Data Protection API in your application.

ASP.NET Core includes the Data Protection API by default. You do not need to install additional packages unless you're storing keys externally (like Azure or Redis). Below are detailed steps for using this Data Protection API to protect sensitive information.

  1. 定义加解密封装类
csharp 复制代码
using Microsoft.AspNetCore.DataProtection;

namespace EncrytionAndDecryption
{
    public class EncryptionService
    {
        private readonly IDataProtector _protector;

        // Constructor to initialize the IDataProtector using dependency injection
        public EncryptionService(IDataProtectionProvider provider)
        {
            // 'MyPurpose' is a unique string that ensures different protection policies for different purposes
            _protector = provider.CreateProtector("MyPurpose");
        }

        // Method to encrypt plain text data
        public string EncryptData(string plainText)
        {
            return _protector.Protect(plainText);
        }

        // Method to decrypt the encrypted data
        public string DecryptData(string encryptedData)
        {
            try
            {
                return _protector.Unprotect(encryptedData);
            }
            catch (Exception ex)
            {
                // If decryption fails (e.g., data is tampered or invalid), handle the exception
                return $"Decryption failed: {ex.Message}";
            }
        }
    }
}
  1. DI配置
csharp 复制代码
//第一次运行使用这个配置,会在运行路径生成一个xml的key文件
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test");

//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
//builder.Services.AddDataProtection()
//            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
//            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();

// Register the EncryptionService for dependency injection
builder.Services.AddScoped<EncryptionService>();
  1. 添加controller
csharp 复制代码
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace EncrytionAndDecryption.Controllers
{
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class EnDeController : ControllerBase
    {
        private readonly EncryptionService _encryptionService;

        public EnDeController(EncryptionService encryptionService)
        {
            _encryptionService = encryptionService;
        }

        // Action to encrypt sensitive data
        [HttpPost]
        public IActionResult EncryptData(string sensitiveData)
        {
            // Call the EncryptData method to encrypt the input
            var encryptedData = _encryptionService.EncryptData(sensitiveData);

            // For demonstration purposes, return the encrypted data to the view
            return Content($"Encrypted data: {encryptedData}");
        }

        // Action to decrypt previously encrypted data
        [HttpPost]
        public IActionResult DecryptData(string encryptedData)
        {
            // Call the DecryptData method to decrypt the encrypted data
            var decryptedData = _encryptionService.DecryptData(encryptedData);

            // For demonstration purposes, return the decrypted data to the view
            return Content($"Decrypted data: {decryptedData}");
        }
    }
}
  1. 发布
    发布之前将DI修改如下。并将之前生成的xml文件copy到发布路径下
csharp 复制代码
//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();
  1. 运行
bash 复制代码
dotnet EncrytionAndDecryption.dll --urls "http://localhost:8888"

https://github.com/xdqt/asp.net-core/tree/master/EncrytionAndDecryption

设置存储key的路径

相关推荐
时光追逐者12 小时前
.NET 9 中 LINQ 新增功能实操
开发语言·开源·c#·.net·.netcore·linq·微软技术
宝桥南山2 天前
.NET 9 - BinaryFormatter移除
microsoft·微软·c#·asp.net·.net·.netcore
PasteSpider3 天前
贴代码框架PasteForm特性介绍之datetime,daterange
前端·html·.netcore·crud
csdn_aspnet4 天前
ASP.NET Core Webapi 返回数据的三种方式
.netcore
技术拾荒者6 天前
Net.Core Mvc 添加 log 日志
c#·asp.net·mvc·.netcore
一包烟电脑面前做一天6 天前
.netcore + postgis 保存地图围栏数据
.netcore·postgis·geometry·polygon
yz-俞祥胜7 天前
杨中科 .Net Core 笔记 DI 依赖注入2
笔记·.netcore
鸠摩智首席音效师7 天前
.NET Core 应用程序如何在 Linux 中创建 Systemd 服务 ?
linux·运维·.netcore
丨我是张先生丨8 天前
Windows VSCode .NET CORE WebAPI Debug配置
.netcore