Test RSA Crypt container in ASP.NET
using System; | |
using System.Collections.Generic; | |
using System.Security.AccessControl; | |
using System.Security.Cryptography; | |
using System.Security.Principal; | |
using System.Text; | |
using Microsoft.AspNetCore.Mvc; | |
namespace Azure.SO.Answer._41615391.Controllers | |
{ | |
/// <summary>
/// One row of the RSA key-container test matrix rendered by the Test view.
/// Binary values are stored in their <see cref="BitConverter.ToString(byte[])"/> hex form;
/// when the round-trip fails, <see cref="Exception"/> carries the failure text and the
/// encrypted/decrypted fields stay unset.
/// </summary>
public class Result
{
    /// <summary>Human-readable label of the combination under test.</summary>
    public string Name { get; set; }

    /// <summary>Hex dump of the plaintext bytes handed to the provider.</summary>
    public string OriginalContent { get; set; }

    /// <summary>Hex dump of the ciphertext produced by the key in the container.</summary>
    public string EncryptedContent { get; set; }

    /// <summary>Hex dump of the bytes recovered by decrypting <see cref="EncryptedContent"/>.</summary>
    public string DecryptedContent { get; set; }

    /// <summary>Name of the <see cref="System.Security.Cryptography.CspProviderFlags"/> value used to select the key store.</summary>
    public string ContainerStore { get; set; }

    /// <summary>CSP key container name that was opened or created.</summary>
    public string ContainerName { get; set; }

    /// <summary>SID string of the principal granted access to the container.</summary>
    public string Identity { get; set; }

    /// <summary>Full text of the exception raised during the round-trip, or null on success.</summary>
    public string Exception { get; set; }
}
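/// <summary>
/// Diagnostic controller that exercises RSA key containers under different identities,
/// key stores and container names, and reports each outcome on a single page.
/// It relies on CryptoAPI (<see cref="RSACryptoServiceProvider"/>, <see cref="CspParameters"/>,
/// <see cref="CryptoKeySecurity"/>), so it only works on Windows; on other platforms each row
/// records the failure in <see cref="Result.Exception"/> instead of throwing.
/// </summary>
public class RSAController : Controller
{
    /// <summary>Container name shared by every identity in the "same container name" rows.</summary>
    private const string SharedContainerName = "container_global";

    /// <summary>
    /// Runs the test matrix (identity × key store × container naming) and renders one
    /// <see cref="Result"/> per combination through ViewData["Results"].
    /// </summary>
    public IActionResult Test()
    {
        const string testString = "hello world";
        var everyone = GetEveryoneIdentity();
        var current = GetWindowsIdentity();
        // "Container per identity" rows are keyed on the current Windows SID, also for the
        // rows that grant access to Everyone: the ACL principal and the container name are
        // deliberately independent dimensions of the matrix.
        var perIdentityContainer = $"container_{current}";

        // NOTE(review): UseDefaultKeyContainer is used here to stand for the per-user key store.
        // That flag asks CryptoAPI for the user's default container and may ignore
        // KeyContainerName, which would collapse the two "user wide store" rows onto one key;
        // the per-user store is what you get with no flag (NoFlags). Confirm which was intended.
        const CspProviderFlags machineStore = CspProviderFlags.UseMachineKeyStore;
        const CspProviderFlags userStore = CspProviderFlags.UseDefaultKeyContainer;

        var results = new List<Result>();
        Action<string, IdentityReference, CspProviderFlags, string> run =
            (label, identity, flags, containerName) =>
                results.Add(TestContainer(label, testString, identity, flags, containerName));

        run("Everyone identity, machine wide store, same container name", everyone, machineStore, SharedContainerName);
        run("Everyone identity, machine wide store, container per identity", everyone, machineStore, perIdentityContainer);
        run("Everyone identity, user wide store, same container name", everyone, userStore, SharedContainerName);
        // This row previously passed UseMachineKeyStore despite its label; it now matches the
        // other "user wide store" rows so the label and the flag agree.
        run("Everyone identity, user wide store, container per identity", everyone, userStore, perIdentityContainer);
        run("Current identity, machine wide store, same container name", current, machineStore, SharedContainerName);
        run("Current identity, machine wide store, container per identity", current, machineStore, perIdentityContainer);
        // The labels of the last two rows previously said "machine wide store" although both
        // use the user store; the labels now describe the flags actually passed.
        run("Current identity, user wide store, same container name", current, userStore, SharedContainerName);
        run("Current identity, user wide store, container per identity", current, userStore, perIdentityContainer);

        ViewData["Results"] = results;
        return View();
    }

    /// <summary>
    /// Encrypts and decrypts <paramref name="testString"/> with the RSA key in the given
    /// container and records both results as hex. Any failure (access denied, missing
    /// provider, unsupported platform) is captured in <see cref="Result.Exception"/> rather
    /// than thrown, so one failing combination does not hide the others.
    /// </summary>
    /// <param name="label">Human-readable name of the combination under test.</param>
    /// <param name="testString">Plaintext to round-trip; encoded as UTF-16LE before encryption.</param>
    /// <param name="identity">Principal granted access to the key container.</param>
    /// <param name="flags">Key-store selection passed to <see cref="CspParameters.Flags"/>.</param>
    /// <param name="containerName">CSP key container name to open or create.</param>
    /// <returns>A populated <see cref="Result"/>; cryptographic and ACL errors are reported, not thrown.</returns>
    private Result TestContainer(string label, string testString, IdentityReference identity, CspProviderFlags flags, string containerName)
    {
        var result = new Result
        {
            Name = label,
            Identity = identity.Value,
            ContainerStore = Enum.GetName(typeof(CspProviderFlags), flags),
            ContainerName = containerName
        };
        var originalContent = Encoding.Unicode.GetBytes(testString);
        result.OriginalContent = BitConverter.ToString(originalContent);

        try
        {
            // PersistKeyInCsp defaults to true when a container name is supplied, so disposing
            // the provider releases the CSP handle without deleting the key from the container.
            using (var provider = GetCryptoProvider(identity, flags, containerName))
            {
                // fOAEP=false selects PKCS#1 v1.5 padding. It is kept because this harness
                // tests container access, not padding; real data should use OAEP (true).
                var encryptedContent = provider.Encrypt(originalContent, false);
                var decryptedContent = provider.Decrypt(encryptedContent, false);
                result.EncryptedContent = BitConverter.ToString(encryptedContent);
                result.DecryptedContent = BitConverter.ToString(decryptedContent);
            }
        }
        catch (Exception ex)
        {
            // The full exception text, stack trace included, is what this diagnostic page
            // exists to collect; it is rendered verbatim by the view.
            result.Exception = ex.ToString();
        }
        return result;
    }

    /// <summary>
    /// SID of the Windows account the current thread runs as — typically the hosting process
    /// account, since the web caller is not impersonated here.
    /// </summary>
    private IdentityReference GetWindowsIdentity()
    {
        return WindowsIdentity.GetCurrent().User;
    }

    /// <summary>Well-known "Everyone" SID (S-1-1-0).</summary>
    private IdentityReference GetEveryoneIdentity()
    {
        return new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    }

    /// <summary>
    /// Opens (or creates) the named RSA key container in the selected key store and grants
    /// <paramref name="identity"/> full control over it through the container's DACL.
    /// </summary>
    /// <param name="identity">Principal to add to the key container's access rules.</param>
    /// <param name="flags">Key-store selection (machine store vs. default/user container).</param>
    /// <param name="containerName">Key container name; ownership stays with the caller via the returned provider.</param>
    /// <returns>A provider bound to the container; dispose it when done.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="identity"/> is null.</exception>
    /// <exception cref="CryptographicException">The container cannot be opened/created or the ACL cannot be applied.</exception>
    private RSACryptoServiceProvider GetCryptoProvider(IdentityReference identity, CspProviderFlags flags, string containerName)
    {
        if (identity == null)
        {
            throw new ArgumentNullException(nameof(identity));
        }

        // PROV_RSA_FULL: CryptoAPI provider type supporting both signing and key exchange.
        const int PROVIDER_RSA_FULL = 1;
        var cspParams = new CspParameters(PROVIDER_RSA_FULL)
        {
            KeyContainerName = containerName,
            Flags = flags,
            ProviderName = "Microsoft Strong Cryptographic Provider",
            CryptoKeySecurity = new CryptoKeySecurity()
        };

        // DACL on the key container itself, so an account other than the creator can use the
        // key. FullControl also lets that principal delete or re-ACL the key; for a shared
        // machine-store key granted to Everyone, a narrower right (e.g. GenericRead, if it is
        // sufficient for the operations needed) is the least-privilege choice once the test has
        // shown which store works.
        var rule = new CryptoKeyAccessRule(identity, CryptoKeyRights.FullControl, AccessControlType.Allow);
        cspParams.CryptoKeySecurity.SetAccessRule(rule);

        return new RSACryptoServiceProvider(cspParams);
    }

    /// <summary>Default error page.</summary>
    public IActionResult Error()
    {
        return View();
    }
}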
} |
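@using System.Collections
@using Azure.SO.Answer._41615391.Controllers
@{
    // Produced by RSAController.Test(); fall back to an empty list so the page still renders
    // (with no rows) when the ViewData entry is missing, instead of failing inside the view.
    var results = ViewData["Results"] as IEnumerable<Result> ?? new Result[0];
}
@foreach (var data in results)
{
    <h2>@data.Name</h2>
    <b>Original content</b><br />
    <pre>@data.OriginalContent</pre>
    <b>Encrypted Content</b><br />
    <pre>@data.EncryptedContent</pre>
    <b>Decrypted Content</b><br />
    <pre>@data.DecryptedContent</pre>
    <b>Container Store</b><br />
    <pre>@data.ContainerStore</pre>
    <b>Container Name</b><br />
    @* This field previously repeated ContainerStore; the container name is a separate value. *@
    <pre>@data.ContainerName</pre>
    <b>Identity</b><br />
    <pre>@data.Identity</pre>
    <b>Exception</b><br />
    @* Full exception text (stack trace included) from the controller. Razor HTML-encodes
       @-output, so it is displayed verbatim rather than interpreted as markup. *@
    <pre>@data.Exception</pre>
}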