ASP.Net Core Data Protection API in a Clustered Environment

旧时模样 submitted on 2019-12-01 06:24:18

You have to supply an implementation of IXmlRepository, which provides the data protection API with a place to store the keys. The ProtectKeysWith*() directives protect the keys at rest (in basic terms, they encrypt the keys before saving them!). Additional info here.

I ended up persisting my keys to AzureStorage. More info here.

serviceCollection.AddDataProtection()
    .ProtectKeysWithDpapiNG($"CERTIFICATE=HashId:{thumbPrint}", flags: Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiNGProtectionDescriptorFlags.None)
    .PersistKeysToAzureBlobStorage(/* params */);

It is also worth noting that the certificate used to protect the keys must be stored in a certificate store and the account which the application is running under must have read access. See here.
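A sketch of the `IXmlRepository` approach described in the answer above, added here as an example and not taken from the original post or from ASP.NET Core itself. The class name `SharedDirectoryXmlRepository`, the `DataProtectionSetup` helper, the shared path and the application name are assumptions; the repository is wired in through `KeyManagementOptions.XmlRepository`.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.AspNetCore.DataProtection.XmlEncryption;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical repository: every node in the cluster points at the same directory.
public sealed class SharedDirectoryXmlRepository : IXmlRepository
{
    private readonly DirectoryInfo _dir;
    public SharedDirectoryXmlRepository(string path) => _dir = Directory.CreateDirectory(path);

    // Called when the key ring is loaded or refreshed; returns every stored element.
    public IReadOnlyCollection<XElement> GetAllElements() =>
        _dir.EnumerateFiles("*.xml").Select(f => XElement.Load(f.FullName)).ToList();

    // Key elements arrive with their secret material already encrypted by the
    // configured ProtectKeysWith*() encryptor; the repository only stores them.
    public void StoreElement(XElement element, string friendlyName)
    {
        // friendlyName is only a hint: validate it before using it in a path.
        bool safe = !string.IsNullOrEmpty(friendlyName) &&
                    friendlyName.All(c => char.IsLetterOrDigit(c) || c == '-' || c == '_');
        string name = safe ? friendlyName : Guid.NewGuid().ToString();

        // Write to a temp file, then rename, so other nodes never read a partial key.
        string temp = Path.Combine(_dir.FullName, name + ".tmp");
        element.Save(temp);
        File.Move(temp, Path.Combine(_dir.FullName, name + ".xml"));
    }
}

public static class DataProtectionSetup
{
    public static void Configure(IServiceCollection services, string thumbPrint, string sharedPath)
    {
        services.AddDataProtection()
            .SetApplicationName("my-clustered-app") // assumed name; must be identical on every node
            .ProtectKeysWithDpapiNG($"CERTIFICATE=HashId:{thumbPrint}",
                flags: DpapiNGProtectionDescriptorFlags.None);
        services.Configure<KeyManagementOptions>(o =>
            o.XmlRepository = new SharedDirectoryXmlRepository(sharedPath));
    }
}
```

Every node needs the same repository location, the same application name, and read access to the certificate named by `thumbPrint`; otherwise payloads protected on one node fail to unprotect on another.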
