Integrate a custom encryption logic

You can customize the way Sitefinity CMS handles persistence of encrypted configuration settings. This is useful in cases where you want to use a different encryption algorithm for settings that are stored using the Encrypted persistence option, or if you want to specify different persistence location for settings where you have used the Link to App Setting option. For more information about the Sitefinity CMS configuration setting encryption options, see Encrypt sensitive data in configurations.

Implement the custom resolver class

The default logic for encrypting configuration settings is implemented inside the SecretDataResolver class. To implement your custom logic, you must first add a new class that inherits from SecretDataResolver

Specify your custom resolver Mode

The SecretDataResolver class exposes a Mode property, which helps Sitefinity CMS identify whether this resolver is used for working with configuration settings that are stored using one of the following modes:

  • Encrypted
    You implement your own encryption and decryption logic for the configuration setting value that is persisted by Sitefinity CMS 
  • Link to App Setting
    The actual value of the configuration settings is stored externally, whereas Sitefinity CMS only persists a key. You implement the logic that associates the key, stored by Sitefinity CMS with the atual value of the configuration settings.

In other words, you must implement a separate resolver for each of the modes and specify the Mode accordingly. You do this by overriding the Mode property in your custom class and returning either SecretDataMode.Encrypt or SecretDataMode.Link for its value. 

Implement the encrypt and decrypt logic

Once you have specified your resolver mode, you must override the GenerateKey and Resolve base methods. The implementation of these methods differs depending on the specified Mode:

  • For SecretDataMode.Encrypt mode
    • Your GenerateKey method receives the value you entered in the configuration settings UI. You must implement the encryption logic of the received value, so that the GenerateKey method returns the encrypted value. Sitefinity CMS persists this returned value.
    • When the configuration settings value is requested, Sitefinity CMS calls the custom resolver Resolve method and passes the decrypted value as a method parameter. You must handle the decryption logic inside the method and return the decrypted value.

    For example, your custom resolver class needs to look like this:
  • For  SecretDataMode.Link mode
    • Your GenerateKey method only needs to return the value that is passed by Sitefinity CMS as a method parameter. The reason is that when using the  SecretDataMode.Link mode, Sitefinity CMS requires you to specify a key inside the configuration settings UI, instead of providing the actual setting value. Thus, Sitefinity CMS needs to persist just the key, and no additional logic is necessary inside the GenerateKey method. The retrieval of the actual value will be handled inside the Resolve method, based on this key.
    • Your Resolve method needs to handle the retrieval of the actual configuration settings value, based on the key, persisted in Sitefinity CMS. The key is received as a method parameter. Your method implementation must retrieve the value, based on the key, and return it as a result. Usually, when using SecretDataMode.Link mode, you handle the encryption and decryption of the configuration setting value externally from Sitefinity CMS.

    For example, your custom resolver class needs to look like this:

Register the class

You register the custom resolver classes in the web.config file of your application. For example, to register the above demonstrated Encrypt and Link mode resolvers, modify the web.config in the following way:

As a result, the custom resolvers appear in the list of available configuration setting encryption options:


Was this article helpful?