c# - Azure 网站上的数据保护/加密？

Question

我正在尝试加密一些数据，以存储在 Azure 上部署的网站的用户 cookie 中。

我尝试查看 System.Security 中的 DataProtection API，但它们似乎都需要计算机或用户范围，这在部署到 Azure 时不起作用。

然后我尝试使用 AesCryptoServiceProvider 并将 key 存储在我的 Web.config 中，但出现此错误:

CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.

我正在阅读该错误，显然您需要调整 IIS 设置，该设置不适用于 Azure。

我还尝试查看 DataProtection Asp.NET Core 包，但它引入了很多新包，并且文档提到需要将加密信息存储在本地文件夹中；如果没有专用机器，这似乎无法在 Azure 上运行。

保护/取消保护 Azure 网站上的数据的正确方法是什么？

Answer 1

事实证明，只有 DataProtection API 引发了错误。 AesManaged 和 AesCryptoServiceProvider 仍然可以在 Azure 中使用。这是我最终使用的:

private const string AesKey = "206283c07cbfda1c0c126ef56d78ba9a0aeb53a06cd65f10bd3a9cb9a68e3fe1";

public static byte[] Encrypt(byte[] toEncrypt)
{
    byte[] encrypted;

    var aes = new AesCryptoServiceProvider();
    aes.Key = StringToByteArray(AesKey);

    // Create a new IV for each item to encrypt
    aes.GenerateIV();
    byte[] iv = aes.IV;

    using (var encrypter = aes.CreateEncryptor(aes.Key, iv))
    using (var cipherStream = new MemoryStream())
    {
        using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
        using (var binaryWriter = new BinaryWriter(cryptoStream))
        {
            // Prepend unencrypted IV to data
            cipherStream.Write(iv, 0, iv.Length);
            binaryWriter.Write(toEncrypt);
            cryptoStream.FlushFinalBlock();
        }

        encrypted = cipherStream.ToArray();
    }

    return encrypted;
}

public static byte[] EncryptFromString(string toEncrypt)
{
    return Encrypt(Encoding.UTF8.GetBytes(toEncrypt));
}

public static byte[] Decrypt(byte[] toDecrypt)
{
    var aes = new AesCryptoServiceProvider();
    aes.Key = StringToByteArray(AesKey);

    // Pull out the unencrypted IV first
    byte[] iv = new byte[16];
    Array.Copy(toDecrypt, 0, iv, 0, iv.Length);

    using (var encryptedMemoryStream = new MemoryStream())
    {
        using (var cryptoStream = new CryptoStream(encryptedMemoryStream, aes.CreateDecryptor(aes.Key, iv), CryptoStreamMode.Write))
        using (var binaryWriter = new BinaryWriter(cryptoStream))
        {
            // Decrypt Cipher Text from Message
            binaryWriter.Write(
                toDecrypt,
                iv.Length,
                toDecrypt.Length - iv.Length
            );
        }

        return encryptedMemoryStream.ToArray();
    }
}

public static string DecryptToString(byte[] toDecrypt)
{
    return Encoding.UTF8.GetString(Decrypt(toDecrypt));
}

public static string ByteArrayToString(byte[] array)
{
    StringBuilder hex = new StringBuilder(array.Length * 2);
    foreach (byte b in array)
    {
        hex.AppendFormat("{0:x2}", b);
    }

    return hex.ToString();
}

public static byte[] StringToByteArray(string hex)
{
    int charCount = hex.Length;
    byte[] bytes = new byte[charCount / 2];
    for (int i = 0; i < charCount; i += 2)
    {
        bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
    }

    return bytes;
}