Click here to Skip to main content
Click here to Skip to main content
Articles » Languages » XML » Web Services » Downloads
 
Add your own
alternative version

Implementing WS-SecureConversation in Microsoft IssueVision

, 27 Sep 2005
Adding secure communications to the Microsoft IssueVision sample application using WSE 2.0.
issuevisionwsesmartclient.zip
Database
IssueVision
Controls
Outlook
Images
statusbar
toolbar
types
Libraries
ThreadHelper Documentation
Panes
Patterns
Web References
localhost
IssueVisionWebWseCS
Libraries
App.ico
IssueVision.csproj.user
IssueVision.snk
IssueVisionServices.disco
IssueVisionServices.wsdl
Reference.map
AppUpdater.dll
ThreadHelper.dll
About BackgroundWorker.doc
Async Windows Forms Programming with BackgroundWorker.doc
IssueVision-about-banner.png
mosaic-light.png
Signin.png
all_staffers.png
all_types.png
computer.png
environmental.png
help_desk.png
network.png
none.png
printer.png
staff.png
technicians.png
technicians_group.png
telecom.png
new_task.png
synchronize.png
work_offline.png
StatusConnected.ico
StatusDisconnected.ico
StatusSynchronizing.ico
IssueVisionWebWseCS.csproj.webinfo
IVDataSet.xsx
// Uses the Data Protection API (DPAPI) to encrypt and decrypt secrets
// based on the logged in user or local machine. 

using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Text;

namespace IssueVisionWebWseCS
{
	public sealed class DataProtection 
	{
		// use local machine or user to encrypt and decrypt the data
		public enum Store
		{
			Machine,
			User
		}

		// const values
		private class Consts 
		{
			// specify an entropy so other DPAPI applications can't see the data
			public readonly static byte[] EntropyData = ASCIIEncoding.ASCII.GetBytes("B0D125B7-967E-4f94-9305-A6F9AF56A19A");
		}

		// static class
		private DataProtection()
		{
		}

		// public methods

		// encrypt the data using DPAPI, returns a base64-encoded encrypted string
		public static string Encrypt(string data, Store store)
		{
			// holds the result string
			string  result = "";

			// blobs used in the CryptProtectData call
			Win32.DATA_BLOB inBlob = new Win32.DATA_BLOB();
			Win32.DATA_BLOB entropyBlob = new Win32.DATA_BLOB();
			Win32.DATA_BLOB outBlob = new Win32.DATA_BLOB();

			try 
			{
				// setup flags passed to the CryptProtectData call
				int flags = Win32.CRYPTPROTECT_UI_FORBIDDEN | 
					(int)((store == Store.Machine) ? Win32.CRYPTPROTECT_LOCAL_MACHINE : 0);

				// setup input blobs, the data to be encrypted and entropy blob
				SetBlobData(ref inBlob, ASCIIEncoding.ASCII.GetBytes(data));
				SetBlobData(ref entropyBlob, Consts.EntropyData);

				// call the DPAPI function, returns true if successful and fills in the outBlob
				if (Win32.CryptProtectData(ref inBlob, "", ref entropyBlob, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob)) 
				{
					byte[] resultBits = GetBlobData(ref outBlob);
					if (resultBits != null) 
						result = Convert.ToBase64String(resultBits);
				}
			}
			catch
			{
				// an error occurred, return an empty string
			}
			finally 
			{
				// clean up
				if (inBlob.pbData.ToInt32() != 0) 
					Marshal.FreeHGlobal(inBlob.pbData);

				if (entropyBlob.pbData.ToInt32() != 0) 
					Marshal.FreeHGlobal(entropyBlob.pbData);
			}

			return result;
		}

		// decrypt the data using DPAPI, data is a base64-encoded encrypted string
		public static string Decrypt( string  data,  Store store) 
		{
			// holds the result string
			string result = "";

			// blobs used in the CryptUnprotectData call
			Win32.DATA_BLOB inBlob = new Win32.DATA_BLOB();
			Win32.DATA_BLOB entropyBlob = new Win32.DATA_BLOB();
			Win32.DATA_BLOB outBlob = new Win32.DATA_BLOB();

			try 
			{
				// setup flags passed to the CryptUnprotectData call
				int flags = Win32.CRYPTPROTECT_UI_FORBIDDEN |
					(int)((store == Store.Machine) ? Win32.CRYPTPROTECT_LOCAL_MACHINE : 0);

				// the CryptUnprotectData works with a byte array, convert string data
				byte[] bits = Convert.FromBase64String(data);

				// setup input blobs, the data to be decrypted and entropy blob
				SetBlobData(ref inBlob, bits);
				SetBlobData(ref entropyBlob, Consts.EntropyData);

				// call the DPAPI function, returns true if successful and fills in the outBlob
				if (Win32.CryptUnprotectData(ref inBlob, null, ref entropyBlob, IntPtr.Zero, IntPtr.Zero, flags, ref outBlob)) 
				{
					byte[] resultBits = GetBlobData(ref outBlob);
					if (resultBits != null) 
						result = ASCIIEncoding.ASCII.GetString(resultBits);
				}
			}
			catch 
			{
				// an error occurred, return an empty string
			}
			finally 
			{
				// clean up
				if (inBlob.pbData.ToInt32() != 0) 
					Marshal.FreeHGlobal(inBlob.pbData);
		
				if (entropyBlob.pbData.ToInt32() != 0) 
					Marshal.FreeHGlobal(entropyBlob.pbData);
			}

			return result;
		}


		// internal methods

		#region Data Protection API

		private class Win32 
		{
			public const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
			public const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;

			[StructLayout(LayoutKind.Sequential)]
			public struct DATA_BLOB
			{
				public int cbData;
				public IntPtr pbData;
			}

			[DllImport("crypt32", CharSet=CharSet.Auto)]
			public static extern bool CryptProtectData(ref DATA_BLOB pDataIn, string szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct, int dwFlags, ref DATA_BLOB pDataOut);

			[DllImport("crypt32", CharSet=CharSet.Auto)]
			public static extern bool CryptUnprotectData(ref DATA_BLOB pDataIn, StringBuilder szDataDescr, ref DATA_BLOB pOptionalEntropy, IntPtr pvReserved, IntPtr pPromptStruct, int dwFlags, ref DATA_BLOB pDataOut);

			[DllImport("kernel32")] 
			public static extern IntPtr LocalFree(IntPtr hMem);
		}

		#endregion

		// helper method that fills in a DATA_BLOB, copies 
		// data from managed to unmanaged memory
		private static void SetBlobData(ref Win32.DATA_BLOB blob,  byte[] bits) 
		{
			blob.cbData = bits.Length;
			blob.pbData = Marshal.AllocHGlobal(bits.Length);
			Marshal.Copy(bits, 0, blob.pbData, bits.Length);
		}

		// helper method that gets data from a DATA_BLOB, 
		// copies data from unmanaged memory to managed
		private static byte[] GetBlobData(ref Win32.DATA_BLOB blob) 
		{
			// return an empty string if the blob is empty
			if (blob.pbData.ToInt32() == 0) 
				return null;

			// copy information from the blob
			byte[] data = new byte[blob.cbData];
			Marshal.Copy(blob.pbData, data, 0, blob.cbData);
			Win32.LocalFree(blob.pbData);

			return data;
		}
	}

}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Weidong Shen
Software Developer (Senior)
United States United States
Weidong has been an information system professional since 1990. He has a Master's degree in Computer Science, and is currently a MCSD .NET

| Advertise | Privacy | Mobile
Web04 | 2.8.141022.2 | Last Updated 27 Sep 2005
Article Copyright 2005 by Weidong Shen
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid