All geek questions in one place

How to implement machineKey in ASP.NET Core 2.0

In ASP.NET (not the kernel), I would usually add machineKey in web.config so that I can perform some functions on the local computer and not on the server, so that database / callback operations use the same key. For instance,

<system.web>
  <machineKey validationKey="*********" 
              decryptionKey="*********" 
              validation="HMACSHA256" 
              decryption="AES" />
</system.web>

Please can anyone advise how this can be done in ASP.NET Core 2.0?

+11
source share
3 answers

Now you need to use DataProtection APis :

Data Protection Data Stack ASP.NET Core provides a simple and easy-to-use cryptographic API that a developer can use to protect data, including key management and rotation.

DataProtection.

, , ASP.NET: <machineKey> ASP.NET

: ( IDataProtectionProvider), ( IDataProtector) CreateProtector, .

IDataProtectionProvider DI, .AddDataProtection:

public void ConfigureServices(IServiceCollection services)
{
    // Adds data protection services
    services.AddDataProtection();
    ...
}
+11

, ASP.NET Core ASP.NET, cookie , , cookie ASP. .NET Core. .NET Framework / Machinekey. . Https://github.com/synercoder/FormsAuthentication

0

Good examples can be found at https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-2.2&tabs=visual-studio

I used the context of my database to store keys in multiple instances.

Dbcontext.cs

public class MyContext : IDataProtectionKeyContext
{
  ...
  // This maps to the table that stores keys.
  public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
}

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
  ...
  services.AddDataProtection().PersistKeysToDbContext<MyContext>();
}
0
source

Source: https://habr.com/ru/post/1687235/

More articles:


All Articles