.netCore WebAPI中字符串加密与解密

In today's digital landscape, securing sensitive information is more critical than ever. If you're using ASP.NET Core, you might store configuration settings in appsettings.json. However, hardcoding sensitive data like connection strings or API keys in plain text can expose your application to serious risks.

ASP.NET Core has built-in support for encryption through its Data Protection API. This can be used to secure sensitive information. The Data Protection API in ASP.NET Core allows you to easily encrypt and decrypt sensitive data, such as user information, and configuration settings. This article will guide you through encrypting and decrypting sensitive information using ASP.NET Core Data Protection API in your application.

ASP.NET Core includes the Data Protection API by default. You do not need to install additional packages unless you're storing keys externally (like Azure or Redis). Below are detailed steps for using this Data Protection API to protect sensitive information.

  1. 定义加解密封装类
csharp 复制代码
using Microsoft.AspNetCore.DataProtection;

namespace EncrytionAndDecryption
{
    public class EncryptionService
    {
        private readonly IDataProtector _protector;

        // Constructor to initialize the IDataProtector using dependency injection
        public EncryptionService(IDataProtectionProvider provider)
        {
            // 'MyPurpose' is a unique string that ensures different protection policies for different purposes
            _protector = provider.CreateProtector("MyPurpose");
        }

        // Method to encrypt plain text data
        public string EncryptData(string plainText)
        {
            return _protector.Protect(plainText);
        }

        // Method to decrypt the encrypted data
        public string DecryptData(string encryptedData)
        {
            try
            {
                return _protector.Unprotect(encryptedData);
            }
            catch (Exception ex)
            {
                // If decryption fails (e.g., data is tampered or invalid), handle the exception
                return $"Decryption failed: {ex.Message}";
            }
        }
    }
}
  1. DI配置
csharp 复制代码
//第一次运行使用这个配置,会在运行路径生成一个xml的key文件
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test");

//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
//builder.Services.AddDataProtection()
//            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
//            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();

// Register the EncryptionService for dependency injection
builder.Services.AddScoped<EncryptionService>();
  1. 添加controller
csharp 复制代码
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

namespace EncrytionAndDecryption.Controllers
{
    [Route("api/[controller]/[action]")]
    [ApiController]
    public class EnDeController : ControllerBase
    {
        private readonly EncryptionService _encryptionService;

        public EnDeController(EncryptionService encryptionService)
        {
            _encryptionService = encryptionService;
        }

        // Action to encrypt sensitive data
        [HttpPost]
        public IActionResult EncryptData(string sensitiveData)
        {
            // Call the EncryptData method to encrypt the input
            var encryptedData = _encryptionService.EncryptData(sensitiveData);

            // For demonstration purposes, return the encrypted data to the view
            return Content($"Encrypted data: {encryptedData}");
        }

        // Action to decrypt previously encrypted data
        [HttpPost]
        public IActionResult DecryptData(string encryptedData)
        {
            // Call the DecryptData method to decrypt the encrypted data
            var decryptedData = _encryptionService.DecryptData(encryptedData);

            // For demonstration purposes, return the decrypted data to the view
            return Content($"Decrypted data: {decryptedData}");
        }
    }
}
  1. 发布
    发布之前将DI修改如下。并将之前生成的xml文件copy到发布路径下
csharp 复制代码
//当你第一次生成xml后,请使用下面的配置,避免重复生成xml,你只需要在你发布完成后,将上面步骤生成的xml拷贝到运行目录下即可
builder.Services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(AppContext.BaseDirectory))  // Optional: Specify where to store keys
            .SetApplicationName("Ellis Test").DisableAutomaticKeyGeneration();
  1. 运行
bash 复制代码
dotnet EncrytionAndDecryption.dll --urls "http://localhost:8888"

https://github.com/xdqt/asp.net-core/tree/master/EncrytionAndDecryption

设置存储key的路径

相关推荐
沪上百卉2 小时前
.NET Core 常用的三个生命周期
.netcore
时光追逐者1 天前
C#/.NET/.NET Core学习路线集合,学习不迷路!
开发语言·学习·c#·asp.net·.net·.netcore·微软技术
Jeffrey侠客2 天前
.Net Core 6.0 WebApi在Centos中部署
linux·centos·.netcore
技术拾荒者2 天前
.net core mvc 控制器中页面跳转
后端·c#·asp.net·mvc·.netcore
时光追逐者2 天前
Visual Studio 2022:一个功能全面且强大的IDE
ide·c#·.net·.netcore·visual studio
.Net Core 爱好者5 天前
ASP .NET CORE 6 在项目中集成WatchDog开源项目
c#·.net·.netcore
想起你的日子5 天前
.net core 接口,动态接收各类型请求的参数
.netcore
qq_383139845 天前
Quartz实现定时调用接口(.net core2.0)
.netcore
时光追逐者5 天前
一个.NET开源、轻量级的运行耗时统计库 - MethodTimer
开源·c#·asp.net·.net·.netcore·微软技术