53 lines
2.5 KiB
ReStructuredText
53 lines
2.5 KiB
ReStructuredText
|
.. _data-protection-implementation-key-storage-ephemeral:
|
|||
|
|
|
|||
|
|
Ephemeral data protection providers
|
|||
|
|
===================================
|
|||
|
|
|
|||
|
|
There are scenarios where an application needs a throwaway IDataProtectionProvider. For example, the developer might just be experimenting in a one-off console application, or the application itself is transient (it's scripted or a unit test project). To support these scenarios the package Microsoft.AspNet.DataProtection includes a type EphemeralDataProtectionProvider. This type provides a basic implementation of IDataProtectionProvider whose key repository is held solely in-memory and isn't written out to any backing store.
|
|||
|
|
|
|||
|
|
Each instance of EphemeralDataProtectionProvider uses its own unique master key. Therefore, if an IDataProtector rooted at an EphemeralDataProtectionProvider generates a protected payload, that payload can only be unprotected by an equivalent IDataProtector (given the same :ref:`purpose <data-protection-consumer-apis-purposes>` chain) rooted at the same EphemeralDataProtectionProvider instance.
|
|||
|
|
|
|||
|
|
The following sample demonstrates instantiating an EphemeralDataProtectionProvider and using it to protect and unprotect data.
|
|||
|
|
|
|||
|
|
.. code-block:: c#
|
|||
|
|
|
|||
|
|
using System;
|
|||
|
|
using Microsoft.AspNet.DataProtection;
|
|||
|
|
|
|||
|
|
public class Program
|
|||
|
|
{
|
|||
|
|
public static void Main(string[] args)
|
|||
|
|
{
|
|||
|
|
const string purpose = "Ephemeral.App.v1";
|
|||
|
|
|
|||
|
|
// create an ephemeral provider and demonstrate that it can round-trip a payload
|
|||
|
|
var provider = new EphemeralDataProtectionProvider();
|
|||
|
|
var protector = provider.CreateProtector(purpose);
|
|||
|
|
Console.Write("Enter input: ");
|
|||
|
|
string input = Console.ReadLine();
|
|||
|
|
|
|||
|
|
// protect the payload
|
|||
|
|
string protectedPayload = protector.Protect(input);
|
|||
|
|
Console.WriteLine($"Protect returned: {protectedPayload}");
|
|||
|
|
|
|||
|
|
// unprotect the payload
|
|||
|
|
string unprotectedPayload = protector.Unprotect(protectedPayload);
|
|||
|
|
Console.WriteLine($"Unprotect returned: {unprotectedPayload}");
|
|||
|
|
|
|||
|
|
// if I create a new ephemeral provider, it won't be able to unprotect existing
|
|||
|
|
// payloads, even if I specify the same purpose
|
|||
|
|
provider = new EphemeralDataProtectionProvider();
|
|||
|
|
protector = provider.CreateProtector(purpose);
|
|||
|
|
unprotectedPayload = protector.Unprotect(protectedPayload); // THROWS
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
/*
|
|||
|
|
* SAMPLE OUTPUT
|
|||
|
|
*
|
|||
|
|
* Enter input: Hello!
|
|||
|
|
* Protect returned: CfDJ8AAAAAAAAAAAAAAAAAAAAA...uGoxWLjGKtm1SkNACQ
|
|||
|
|
* Unprotect returned: Hello!
|
|||
|
|
* << throws CryptographicException >>
|
|||
|
|
*/
|