Windows data protection .net

Consider alternatives such as dependency-injecting services as parameters to 'Configure'. The following code provides the IXmlRepository implementation without having to build the service provider, and therefore without making additional copies of singleton services:
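As an added example (not the documentation's own code), a hypothetical directory-backed IXmlRepository that itself depends on an options type, registered through the options pipeline so that the container constructs it and no second service provider is built. It assumes .NET 6+ with implicit usings; the KeyRingOptions, DirectoryXmlRepository and AddDirectoryKeyRing names are invented here.

```csharp
using System.Xml.Linq;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.DataProtection.Repositories;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical options type: the directory that holds the key ring.
public sealed class KeyRingOptions
{
    public string Directory { get; set; } = "keys";
}

// Hypothetical repository: one XML file per key element, written atomically.
// It depends on IOptions<KeyRingOptions>, which is why resolving it from the
// container beats building a second service provider inside Configure.
public sealed class DirectoryXmlRepository : IXmlRepository
{
    private readonly string _dir;
    public DirectoryXmlRepository(IOptions<KeyRingOptions> opts)
    {
        _dir = Path.GetFullPath(opts.Value.Directory);
        Directory.CreateDirectory(_dir);
    }
    public IReadOnlyCollection<XElement> GetAllElements() =>
        Directory.EnumerateFiles(_dir, "*.xml").Select(f => XElement.Load(f)).ToList();

    public void StoreElement(XElement element, string friendlyName)
    {
        // Keep only [A-Za-z0-9-] so a friendly name can never become a path segment.
        var safe = string.Concat(friendlyName.Where(c => char.IsLetterOrDigit(c) || c == '-'));
        var tmp = Path.Combine(_dir, safe + ".tmp");
        element.Save(tmp);
        File.Move(tmp, Path.Combine(_dir, safe + ".xml"), overwrite: true);
    }
}

public static class KeyRingRegistration
{
    // Wire the repository into KeyManagementOptions through the options pipeline:
    // the IXmlRepository singleton is resolved once, when the options are built.
    public static IServiceCollection AddDirectoryKeyRing(this IServiceCollection services, string directory)
    {
        services.Configure<KeyRingOptions>(o => o.Directory = directory);
        services.AddSingleton<IXmlRepository, DirectoryXmlRepository>();
        services.AddDataProtection();
        services.AddOptions<KeyManagementOptions>().Configure<IXmlRepository>((o, repo) => o.XmlRepository = repo);
        return services;
    }
}
```

Because the repository is set through KeyManagementOptions rather than a Persist* helper, the directory's ACL is your responsibility: only the app's identity should be able to read or write it.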

We can provide further constraints in order to narrow the scope of our requirements. We assume that all services operating within the cryptosystem are equally trusted and that the data doesn't need to be generated or consumed outside of the services under our direct control. Furthermore, we require that operations are as fast as possible, since each request to the web service might go through the cryptosystem one or more times.

This makes symmetric cryptography ideal for our scenario, and we can discount asymmetric cryptography until such a time that it's needed. We started by identifying problems with the existing stack.

Once we had that, we surveyed the landscape of existing solutions and concluded that no existing solution quite had the capabilities we sought. We then engineered a solution based on several guiding principles. The system should offer simplicity of configuration.

Ideally the system would be zero-configuration and developers could hit the ground running. In situations where developers need to configure a specific aspect (such as the key repository), consideration should be given to making those specific configurations simple. Offer a simple consumer-facing API. The APIs should be easy to use correctly and difficult to use incorrectly. Developers shouldn't have to learn key management principles.

The system should handle algorithm selection and key lifetime on the developer's behalf. Ideally the developer should never even have access to the raw key material. Keys should be protected at rest when possible. The system should figure out an appropriate default protection mechanism and apply it automatically.

With these principles in mind we developed a simple, easy to use data protection stack. That said, there's nothing prohibiting a developer from using the ASP.

The data protection system is divided into five main packages. Various aspects of these APIs target three main audiences. The consumer APIs target the developer who says: "I simply want to perform some operation in as simple a manner as possible with high probability of using the APIs successfully."

The configuration APIs target application developers and system administrators. The extensibility APIs target developers in charge of implementing custom policy. Ensure only the identity under which your web app runs has read, write, and create access to that directory. If you use Azure Blob Storage, only the web app should have the ability to read, write, or create new entries in the blob store, etc. IDataProtectionBuilder exposes extension methods that you can chain together to configure Data Protection options.

The following NuGet packages are required for the Data Protection extensions used in this article. For an app to communicate and authorize itself with Key Vault, the Azure.Identity package must be added. The storage location must be set explicitly because calling ProtectKeysWithAzureKeyVault installs an IXmlEncryptor that disables the automatic data protection settings, including the key ring storage location.

The preceding example uses Azure Blob Storage to persist the key ring. For more information, see Key storage providers: Azure Storage. The keyIdentifier is the Key Vault key identifier used for key encryption. If the app uses the older Azure packages Microsoft.AzureStorage and Microsoft.AzureKeyVault, we recommend removing these references and upgrading to the Azure.Blobs and Azure. packages. These packages are where new updates are provided, and they address some key security and stability issues with the older packages.
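The Blob Storage plus Key Vault configuration described above, written out as an added example (not code from the documentation). It assumes the Azure.Identity, Azure.Extensions.AspNetCore.DataProtection.Blobs and Azure.Extensions.AspNetCore.DataProtection.Keys packages, the Web SDK's implicit usings, and the blob URI and key identifier are constructed placeholders.

```csharp
using Azure.Identity;
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

// Constructed placeholders: substitute your own blob URI and Key Vault key identifier.
var blobUri = new Uri("https://examplestorage.blob.core.windows.net/keyring/keys.xml");
var keyIdentifier = new Uri("https://example-vault.vault.azure.net/keys/dataprotection/");

// One credential chain (managed identity in Azure, developer login locally) for
// both services, so no connection strings or vault secrets live in configuration.
var credential = new DefaultAzureCredential();

builder.Services.AddDataProtection()
    // Persist first and explicitly: ProtectKeysWithAzureKeyVault disables the
    // automatic key ring location, so the system would otherwise have nowhere to write.
    .PersistKeysToAzureBlobStorage(blobUri, credential)
    // Each key is wrapped at rest with the Key Vault key. The app's identity needs
    // wrap/unwrap on that key and read/write on the blob, and nothing else.
    .ProtectKeysWithAzureKeyVault(keyIdentifier, credential);

var app = builder.Build();

// Smoke test: a payload protected and unprotected by the same purpose round-trips.
app.MapGet("/", (IDataProtectionProvider dp) =>
{
    var protector = dp.CreateProtector("demo.purpose");
    return protector.Unprotect(protector.Protect("round-trip ok"));
});
app.Run();
```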

If you change the key persistence location, the system no longer automatically encrypts keys at rest, since it doesn't know whether DPAPI is an appropriate encryption mechanism. To store keys in a database using Entity Framework, configure the system with the Microsoft.EntityFrameworkCore package. With that configuration the keys are stored in the configured database; the keys DbSet property on your DbContext represents the table in which they are stored.

Create the table manually or with DbContext Migrations. See DataProtectionKey for more information. Consider the example below, which stores keys on a UNC share and encrypts those keys at rest with a specific X.

In ASP.NET Core 2. See Key Encryption At Rest for more examples and discussion of the built-in key encryption mechanisms. To configure the system to use a key lifetime of 14 days instead of the default 90 days, use SetDefaultKeyLifetime. By default, the Data Protection system isolates apps from one another based on their content root paths, even if they're sharing the same physical key repository. This prevents the apps from understanding each other's protected payloads.
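An added example (not the documentation's code) that combines the three settings discussed above: Entity Framework Core persistence, explicit at-rest encryption with a certificate, and a 14-day key lifetime. It assumes the Microsoft.AspNetCore.DataProtection.EntityFrameworkCore and Microsoft.EntityFrameworkCore.SqlServer packages; KeyRingDbContext, AddProtectedKeyRing and the configuration keys are names invented here.

```csharp
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical context: implementing IDataProtectionKeyContext exposes the
// DataProtectionKeys DbSet, which is the table the key ring is written to.
// Create it with a migration before the app first needs a key.
public sealed class KeyRingDbContext : DbContext, IDataProtectionKeyContext
{
    public KeyRingDbContext(DbContextOptions<KeyRingDbContext> options) : base(options) { }
    public DbSet<DataProtectionKey> DataProtectionKeys => Set<DataProtectionKey>();
}

public static class KeyRingSetup
{
    public static IServiceCollection AddProtectedKeyRing(this IServiceCollection services, IConfiguration config)
    {
        // "KeyRing" connection string and "KeyRing:CertThumbprint" are placeholder names.
        services.AddDbContext<KeyRingDbContext>(o =>
            o.UseSqlServer(config.GetConnectionString("KeyRing")));

        // Only the thumbprint is configured; the private key stays in the
        // certificate store, so no key material ends up in appsettings.
        var thumbprint = config["KeyRing:CertThumbprint"]
            ?? throw new InvalidOperationException("KeyRing:CertThumbprint is not set");

        services.AddDataProtection()
            // Moving persistence off the default location turns off automatic
            // at-rest encryption, so a certificate is configured explicitly.
            .PersistKeysToDbContext<KeyRingDbContext>()
            .ProtectKeysWithCertificate(thumbprint)
            // 14-day keys instead of the 90-day default. Expired keys remain in the
            // table so existing payloads can still be unprotected.
            .SetDefaultKeyLifetime(TimeSpan.FromDays(14));
        return services;
    }
}
```

A database row compromise then yields only certificate-wrapped key material, so access to the certificate's private key is what must be guarded.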

You may have a scenario where you don't want an app to automatically roll keys (create new keys) as they approach expiration. The secondary apps can be configured to treat the key ring as read-only by configuring the system with DisableAutomaticKeyGeneration:
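The primary/secondary split described above, as an added example rather than documentation code. It assumes the Web SDK's implicit usings; the UNC path and the "KeyRing:IsPrimary" setting are constructed placeholders.

```csharp
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

// Placeholder UNC share; every node in the farm must reach the same ring.
// Keys stored here are not encrypted automatically, so pair this with
// ProtectKeysWithCertificate (or another at-rest encryptor) in production.
var keyRing = new DirectoryInfo(@"\\fileserver\keyring");

var dp = builder.Services.AddDataProtection()
    // Same name on every node; otherwise the app-ID discriminator keeps each
    // node from reading the others' payloads even though the ring is shared.
    .SetApplicationName("shop-farm")
    .PersistKeysToFileSystem(keyRing);

// Exactly one node is allowed to create new keys. The others treat the ring as
// read-only, so key rolling happens in one place and cannot be triggered on
// several nodes at once when the current key nears expiration.
if (!builder.Configuration.GetValue<bool>("KeyRing:IsPrimary"))
{
    dp.DisableAutomaticKeyGeneration();
}

var app = builder.Build();
app.Run();
```

If the primary node is down when the current key expires, the read-only nodes keep using the existing key ring and start failing to protect new payloads only once no unexpired key remains, so monitor the primary's key rolling.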

NET Core host, it automatically isolates apps from one another, even if those apps are running under the same worker process account and are using the same master keying material.

This is somewhat similar to the IsolateApps modifier from System. The isolation mechanism works by considering each app on the local machine as a unique tenant, thus the IDataProtector rooted for any given app automatically includes the app ID as a discriminator. The app's unique ID is the app's physical path. The unique identifier is designed to survive resets, both of the individual app and of the machine itself.

This isolation mechanism assumes that the apps are not malicious.
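To make the isolation concrete, an added console example (not from the documentation) in which two "apps" share one key ring directory but carry different application names, which is the discriminator an ASP.NET Core host would derive from the content root path. It assumes the Microsoft.AspNetCore.DataProtection.Extensions package and .NET 6+ with implicit usings; the app names, purpose strings and temp directory are constructed.

```csharp
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// One shared key ring (a temp folder here); outside a host the application
// name is set explicitly instead of being derived from the content root.
var keyRing = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "shared-keyring-demo"));

var appA  = DataProtectionProvider.Create(keyRing, b => b.SetApplicationName("app-a"));
var appB  = DataProtectionProvider.Create(keyRing, b => b.SetApplicationName("app-b"));
var appA2 = DataProtectionProvider.Create(keyRing, b => b.SetApplicationName("app-a"));

var token = appA.CreateProtector("auth-cookie").Protect("user=alice");

// Same app name and purpose chain, separate provider instance: round-trips.
Console.WriteLine(appA2.CreateProtector("auth-cookie").Unprotect(token));

// Same key bytes on disk, different app name: the app ID is part of the
// authenticated context, so the integrity check fails and nothing is disclosed.
TryUnprotect("app-b", appB.CreateProtector("auth-cookie"), token);

// Same app, different purpose: purposes isolate components within one app too.
TryUnprotect("app-a/antiforgery", appA.CreateProtector("antiforgery"), token);

static void TryUnprotect(string who, IDataProtector protector, string payload)
{
    try
    {
        Console.WriteLine($"{who}: {protector.Unprotect(payload)}");
    }
    catch (CryptographicException ex)
    {
        Console.WriteLine($"{who}: rejected ({ex.Message})");
    }
}
```

Because the discriminator is only a purpose-chain input and the key file is readable by every app on the share, a malicious app with file access could still recover the raw keys; that is the trust assumption the sentence above states.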
