Monthly Archives: May 2013

DbEncryptedString

One of the new features in 3.1 is the DbEncryptedString class. This class allows you to have a property value automatically encrypted upon write to and decrypted upon read from the database.

You can use it as the property type for any mapped class by simply declaring the property as a DbEncryptedString:

public class Thing
{
    public DbEncryptedString SecureData { get; set; }
}

The DbEncryptedString class provides automatic conversion from a .NET string class so you can easily use it as follows:

var thing = new Thing { SecureData = "My Secret data..." };

Once the object is saved to the database (via ISession.Insert() or ISession.Update()) the column will contain the Base64 encoded cipher text (encrypted value). When the object is read from the database it will be decrypted and the clear text will be visible in the property.

The encrypted value will look something along the lines of MlZPjm49IKNGtOQoHAAgEa2+ycQHzXk8FIRbJ/SQ/BM=@ngWykCGsVyD/aD8ZWIhXWw==

If you choose to use DbEncryptedString, you need to manually register the type converter for it. The DbEncryptedStringTypeConverter is designed to work with any implementation of SymmetricAlgorithm and in order to do this, the creation of the SymmetricAlgorithm has been abstracted from the type converter.

The constructor for the DbEncryptedStringTypeConverter is as follows:

public class DbEncryptedStringTypeConverter
{
    public DbEncryptedStringTypeConverter(ISymmetricAlgorithmProvider algorithmProvider)
    {
    }
}

In order to instantiate the DbEncryptedStringTypeConverter, we need to provide it with an implementation of MicroLite.Infrastructure.ISymmetricAlgorithmProvider. MicroLite 3.1 ships with an implementation of this interface which reads the encryption key and algorithm type from the app.config. In order to use it, add 2 values to the appsettings section:

  <appSettings>
    <add key="MicroLite.DbEncryptedString.EncryptionKey" value="bru$3atheM-pey+=!a5ebr7d6Tru@E?4" />
    <add key="MicroLite.DbEncryptedString.SymmetricAlgorithm" value="AesManaged" />
  </appSettings>

The SymmetricAlgorithm can be any which can be created by SymmetricAlgorithm.Create.

It is then possible to instantiate the DbEncryptedStringTypeConverter with the AppSettingSymmetricAlgorithmProvider as follows and register it with MicroLite:

Then register the type converter:

using MicroLite.Infrastructure;
using MicroLite.TypeConverter;

ISymmetricAlgorithmProvider algorithmProvider = new AppSettingSymmetricAlgorithmProvider();
ITypeConverter typeConvter = new DbEncryptedStringTypeConverter(algorithmProvider);

TypeConverter.Converters.Add(typeConverter);
Advertisements

Custom Type Converters

One of the new features in Version 3.1 is support for custom type converters. This is actually the internals that allowed for the XDocument support in 3.0.3 being made public.

In order to create a custom type converter, the interface you need to implement is MicroLite.TypeConverters.ITypeConverter.

ITypeConverter

As you can see, the interface is quite simple only requiring 3 methods.

The CanConvert method allows the converter to tell MicroLite if it can handle conversion of the specified type. This will be called by MicroLite when it is trying to resolve the correct type converter to use to convert a value.

The ConvertFromDbValue method will be called by MicroLite when building an object from a result set, the value will be the object returned by the underlying DbDataReader and the type will be the property type (or object type if include scalar or execute scalar has been called).

The ConvertToDbValue method will be called by MicroLite when building an insert/update statement. The value will be the property value and the type will be the property type.

Once you have created an ITypeConverter, simply register it when you configure MicroLite:

using MicroLite.TypeConverter;

TypeConverter.Converters.Add(new MyCustomTypeConverter());

WebApi Extension 2.1.0 Released

In the MVC and WebApi extensions post, we discussed using the GlobalConfiguration.Configuration.Filters to register the MicroLiteSessionAttribute. In MicroLite.Extensions.WebApi 2.1.0, we do that automatically when calling .WithWebApi();.

If you don’t want that to happen, simply call the overload instead to opt out of the registration .WithWebApi(registerGlobalFilter: false);

3.1.0 Released

Version 3.1.0 has been released for MicroLite.

Changes/Enhancements

  • Creating custom type converters.
  • DbEncryptedString
  • Extension support for SqlDialects.
  • The ConventionMapping now allows specifying a default table schema.

The obsolete warnings on the following methods are now compilation errors so if you have not already, please update to the new API.

  • IConfigureConnection.ForConnection(string connectionName);
  • IReadOnlySession.Paged(SqlQuery sqlQuery, int page, int resultsPerPage);