C# Azure网站上的数据保护/加密?
我正在尝试加密一些数据以存储在Azure上部署的网站的用户cookie中 我试着查看System.Security中的DataProtection API,但它们似乎都需要一个机器或用户作用域,当部署到Azure时,该作用域不起作用 然后,我尝试使用AESCryptServiceProvider并将密钥存储在我的Web.config中,但出现以下错误: 加密异常:数据保护操作失败 不成功的这可能是由于没有用户配置文件造成的 为当前线程的用户上下文加载,可能是这样 当线程正在模拟时 我读到了这个错误,显然你需要调整IIS设置,这对Azure不起作用 我还试着查看DataProtection Asp.NET核心包,但它带来了大量新包,并且提到需要在本地文件夹中存储加密信息的文档;如果没有专用机器,它似乎也无法在Azure上工作C# Azure网站上的数据保护/加密?,c#,asp.net,azure,encryption,C#,Asp.net,Azure,Encryption,我正在尝试加密一些数据以存储在Azure上部署的网站的用户cookie中 我试着查看System.Security中的DataProtection API,但它们似乎都需要一个机器或用户作用域,当部署到Azure时,该作用域不起作用 然后,我尝试使用AESCryptServiceProvider并将密钥存储在我的Web.config中,但出现以下错误: 加密异常:数据保护操作失败 不成功的这可能是由于没有用户配置文件造成的 为当前线程的用户上下文加载,可能是这样 当线程正在模拟时 我读到了这个错
保护/取消保护Azure网站上的数据的正确方法是什么?结果表明,只有DataProtection API抛出了错误
AesManaged
和AESCryptServiceProvider
都在Azure中工作。以下是我最终使用的:
private const string AesKey = "206283c07cbfda1c0c126ef56d78ba9a0aeb53a06cd65f10bd3a9cb9a68e3fe1";
public static byte[] Encrypt(byte[] toEncrypt)
{
byte[] encrypted;
var aes = new AesCryptoServiceProvider();
aes.Key = StringToByteArray(AesKey);
// Create a new IV for each item to encrypt
aes.GenerateIV();
byte[] iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(aes.Key, iv))
using (var cipherStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
// Prepend unencrypted IV to data
cipherStream.Write(iv, 0, iv.Length);
binaryWriter.Write(toEncrypt);
cryptoStream.FlushFinalBlock();
}
encrypted = cipherStream.ToArray();
}
return encrypted;
}
public static byte[] EncryptFromString(string toEncrypt)
{
return Encrypt(Encoding.UTF8.GetBytes(toEncrypt));
}
public static byte[] Decrypt(byte[] toDecrypt)
{
var aes = new AesCryptoServiceProvider();
aes.Key = StringToByteArray(AesKey);
// Pull out the unencrypted IV first
byte[] iv = new byte[16];
Array.Copy(toDecrypt, 0, iv, 0, iv.Length);
using (var encryptedMemoryStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(encryptedMemoryStream, aes.CreateDecryptor(aes.Key, iv), CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
// Decrypt Cipher Text from Message
binaryWriter.Write(
toDecrypt,
iv.Length,
toDecrypt.Length - iv.Length
);
}
return encryptedMemoryStream.ToArray();
}
}
public static string DecryptToString(byte[] toDecrypt)
{
return Encoding.UTF8.GetString(Decrypt(toDecrypt));
}
public static string ByteArrayToString(byte[] array)
{
StringBuilder hex = new StringBuilder(array.Length * 2);
foreach (byte b in array)
{
hex.AppendFormat("{0:x2}", b);
}
return hex.ToString();
}
public static byte[] StringToByteArray(string hex)
{
int charCount = hex.Length;
byte[] bytes = new byte[charCount / 2];
for (int i = 0; i < charCount; i += 2)
{
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
}
return bytes;
}
private const string AesKey=“206283c07cbfda1c0c126ef56d78ba9a0aeb53a06cd65f10bd3a9cb9a68e3fe1”;
公共静态字节[]加密(字节[]到加密)
{
字节[]加密;
var aes=新的AESCryptServiceProvider();
aes.Key=StringToByteArray(AesKey);
//为每个要加密的项目创建一个新的IV
aes.GenerateIV();
字节[]iv=aes.iv;
使用(var encrypter=aes.CreateEncryptor(aes.Key,iv))
使用(var cipherStream=new MemoryStream())
{
使用(var cryptoStream=新加密流(cipherStream、encrypter、CryptoStreamMode.Write))
使用(var binaryWriter=新的binaryWriter(加密流))
{
//将未加密的IV前置到数据
密码流写入(iv,0,iv.Length);
二进制编写器。写入(加密);
cryptoStream.FlushFinalBlock();
}
encrypted=cipherStream.ToArray();
}
返回加密;
}
公共静态字节[]EncryptFromString(字符串到加密)
{
返回Encrypt(Encoding.UTF8.GetBytes(toEncrypt));
}
公共静态字节[]解密(字节[]到解密)
{
var aes=新的AESCryptServiceProvider();
aes.Key=StringToByteArray(AesKey);
//先拔出未加密的IV
字节[]iv=新字节[16];
数组.Copy(toDecrypt,0,iv,0,iv.Length);
使用(var encryptedMemoryStream=new MemoryStream())
{
使用(var cryptoStream=new cryptoStream(encryptedMemoryStream,aes.CreateDecryptor(aes.Key,iv),CryptoStreamMode.Write))
使用(var binaryWriter=新的binaryWriter(加密流))
{
//从消息中解密密文
二进制编写器(
今天的演讲,
四、长度,
toDecrypt.长度-iv.长度
);
}
返回encryptedMemoryStream.ToArray();
}
}
公共静态字符串DecryptString(字节[]到Decrypt)
{
返回Encoding.UTF8.GetString(Decrypt(toDecrypt));
}
公共静态字符串ByteArrayToString(字节[]数组)
{
StringBuilder十六进制=新的StringBuilder(array.Length*2);
foreach(数组中的字节b)
{
十六进制格式(“{0:x2}”,b);
}
返回hex.ToString();
}
公共静态字节[]StringToByteArray(字符串十六进制)
{
int charCount=十六进制长度;
字节[]字节=新字节[charCount/2];
对于(int i=0;i
结果是只有DataProtection API抛出了错误AesManaged
和AESCryptServiceProvider
都在Azure中工作。以下是我最终使用的:
private const string AesKey = "206283c07cbfda1c0c126ef56d78ba9a0aeb53a06cd65f10bd3a9cb9a68e3fe1";
public static byte[] Encrypt(byte[] toEncrypt)
{
byte[] encrypted;
var aes = new AesCryptoServiceProvider();
aes.Key = StringToByteArray(AesKey);
// Create a new IV for each item to encrypt
aes.GenerateIV();
byte[] iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(aes.Key, iv))
using (var cipherStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
// Prepend unencrypted IV to data
cipherStream.Write(iv, 0, iv.Length);
binaryWriter.Write(toEncrypt);
cryptoStream.FlushFinalBlock();
}
encrypted = cipherStream.ToArray();
}
return encrypted;
}
public static byte[] EncryptFromString(string toEncrypt)
{
return Encrypt(Encoding.UTF8.GetBytes(toEncrypt));
}
public static byte[] Decrypt(byte[] toDecrypt)
{
var aes = new AesCryptoServiceProvider();
aes.Key = StringToByteArray(AesKey);
// Pull out the unencrypted IV first
byte[] iv = new byte[16];
Array.Copy(toDecrypt, 0, iv, 0, iv.Length);
using (var encryptedMemoryStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(encryptedMemoryStream, aes.CreateDecryptor(aes.Key, iv), CryptoStreamMode.Write))
using (var binaryWriter = new BinaryWriter(cryptoStream))
{
// Decrypt Cipher Text from Message
binaryWriter.Write(
toDecrypt,
iv.Length,
toDecrypt.Length - iv.Length
);
}
return encryptedMemoryStream.ToArray();
}
}
public static string DecryptToString(byte[] toDecrypt)
{
return Encoding.UTF8.GetString(Decrypt(toDecrypt));
}
public static string ByteArrayToString(byte[] array)
{
StringBuilder hex = new StringBuilder(array.Length * 2);
foreach (byte b in array)
{
hex.AppendFormat("{0:x2}", b);
}
return hex.ToString();
}
public static byte[] StringToByteArray(string hex)
{
int charCount = hex.Length;
byte[] bytes = new byte[charCount / 2];
for (int i = 0; i < charCount; i += 2)
{
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
}
return bytes;
}
private const string AesKey=“206283c07cbfda1c0c126ef56d78ba9a0aeb53a06cd65f10bd3a9cb9a68e3fe1”;
公共静态字节[]加密(字节[]到加密)
{
字节[]加密;
var aes=新的AESCryptServiceProvider();
aes.Key=StringToByteArray(AesKey);
//为每个要加密的项目创建一个新的IV
aes.GenerateIV();
字节[]iv=aes.iv;
使用(var encrypter=aes.CreateEncryptor(aes.Key,iv))
使用(var cipherStream=new MemoryStream())
{
使用(var cryptoStream=新加密流(cipherStream、encrypter、CryptoStreamMode.Write))
使用(var binaryWriter=新的binaryWriter(加密流))
{
//将未加密的IV前置到数据
密码流写入(iv,0,iv.Length);
二进制编写器。写入(加密);
cryptoStream.FlushFinalBlock();
}
encrypted=cipherStream.ToArray();
}
返回加密;
}
公共静态字节[]EncryptFromString(字符串到加密)
{
返回Encrypt(Encoding.UTF8.GetBytes(toEncrypt));
}
公共静态字节[]解密(字节[]到解密)
{
var aes=新的AESCryptServiceProvider();
aes.Key=StringToByteArray(AesKey);
//先拔出未加密的IV
字节[]iv=新字节[16];
数组.Copy(toDecrypt,0,iv,0,iv.Length);
使用(var encryptedMemoryStream=new MemoryStream())
{
使用(var cryptoStream=new cryptoStream(encryptedMemoryStream,aes.CreateDecryptor(aes.Key,iv),CryptoStreamMode.Write))
使用(var binaryWriter=新的binaryWriter(加密流))
{
//从消息中解密密文
二进制编写器(
今天的演讲,
四、长度,
toDecrypt.长度-iv.长度
);
}
返回encryptedMemoryStream.ToArray();
}
}
公共静态字符串DecryptString(字节[]到Decrypt)
{
返回Encoding.UTF8.GetString(Decrypt(toDecrypt));
}
公共静态字符串ByteArrayToString(字节[]数组)
{
StringBuilder十六进制=