The DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace provides a simplified way to encrypt and decrypt digital data. You can use the class to protect data to any of the following:
- You can use a SID to protect data to an Active Directory (AD) security principal like an AD group. Any member of the group can decrypt the data.
- You can protect data to the current user.
- You can protect data to the credentials (password) used during logon to a website.
To protect data, specify a protection descriptor when you create the DataProtectionProvider object, before calling ProtectAsync or ProtectStreamAsync. The following are sample protection descriptors.
"SID=S-1-5-21-4392301 AND SID=S-1-5-21-3101812"
"SDDL=O:S-1-5-5-0-290724G:SYD:(A;;CCDC;;;S-1-5-5-0-290724)(A;;DC;;;WD)"
"LOCAL=user"
"LOCAL=machine"
"WEBCREDENTIALS=MyPasswordName"
"WEBCREDENTIALS=MyPasswordName,myweb.com"
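The following added example (not taken from the original page) shows a protect and unprotect round trip with the "LOCAL=user" descriptor. The class name, method names, and sample string are assumptions made for illustration; the decrypt side uses the parameterless DataProtectionProvider constructor, because the protected blob already records the descriptor it was protected to.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.DataProtection;
using Windows.Storage.Streams;

// Hypothetical helper class for illustration; not part of the Windows API.
public static class DescriptorRoundTrip
{
    // Encrypts text to the principal named by the descriptor, e.g. "LOCAL=user".
    public static async Task<IBuffer> ProtectTextAsync(string plaintext, string descriptor)
    {
        // The descriptor must be supplied at construction, before ProtectAsync.
        var provider = new DataProtectionProvider(descriptor);
        IBuffer clear = CryptographicBuffer.ConvertStringToBinary(
            plaintext, BinaryStringEncoding.Utf8);
        return await provider.ProtectAsync(clear);
    }

    // Decrypts a protected blob. Returns null if the call fails, for example
    // because the caller is not a principal the blob was protected to.
    public static async Task<string> UnprotectTextAsync(IBuffer protectedData)
    {
        // No descriptor on the decrypt path: use the parameterless constructor.
        var provider = new DataProtectionProvider();
        try
        {
            IBuffer clear = await provider.UnprotectAsync(protectedData);
            return CryptographicBuffer.ConvertBinaryToString(
                BinaryStringEncoding.Utf8, clear);
        }
        catch (Exception)
        {
            return null; // Treat any failure as "cannot decrypt"; do not retry blindly.
        }
    }

    // Round trip with a constructed sample value, protected to the current user.
    public static async Task<bool> DemoAsync()
    {
        const string secret = "constructed sample secret";
        IBuffer blob = await ProtectTextAsync(secret, "LOCAL=user");
        string roundTrip = await UnprotectTextAsync(blob);
        return roundTrip == secret;
    }
}
```

Who can decrypt is decided entirely by the descriptor chosen at protect time, so review that string as you would an access control list.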
For examples, see the following topics: