Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to replace machinekey for asp.net core?

Tags:

asp.net

asp.net-core

My task is simple - to share cookies among servers in a farm

I know that old way using machine key doesn't work in asp.net core, but there is a DataProtection API

However, I cannot store keys in shared folder (it's default built-in behavior of DataProtection)

Is there any way to store key exchange data in configs? (like in old asp.net)

like image 742
VoimiX Avatar asked Feb 08 '17 15:02

VoimiX

People also ask

Where do I put MachineKey in web config?

Open IIS manager. Double-click the Machine Key icon in ASP.NET settings in the middle pane: MachineKey section will be read from your configuration file and be shown in the UI.

What is MachineKey?

Machine keys help protect Forms authentication cookie data and page-level view state data. They also verify out-of-process session state identification. ASP.NET uses the following types of machine keys: A validation key computes a Message Authentication Code (MAC) to confirm the integrity of the data.

What is MachineKey validationKey?

The machineKey element in the ASP.NET web. config file specifies the algorithm and keys that ASP.NET will use for encryption. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use.

1 Answers

you can store the keys in a file system folder, but there are of course security concerns in doing so, however the concerns are similar as with storing a key in web.config.

The thing that is different is that there is not just one key like with machine key, the keys in data protection api expire after a given period and new keys are created when needed automatically. If you encrypt something with the data protection api and store it persisted in the database for example, you may need to decrypt it later using the expired keys

This example is storing the keys in a folder named dp_keys within the web app main folder.

string pathToCryptoKeys = Path.Combine(environment.ContentRootPath, "dp_keys");
        services.AddDataProtection()
            .PersistKeysToFileSystem(new System.IO.DirectoryInfo(pathToCryptoKeys));

Note that storing the keys in the file system is not the recommended approach. There is a powershell script in the docs that enables storing keys per application pool in the system registry. For Azure there is the Azure Key vault for storing the data protection keys.

like image 193
Joe Audette Avatar answered Sep 27 '22 21:09

Joe Audette
Sign in to Comment

Related questions

autocomplete = "off" ignored in IE?
ASP.NET - Multiple Web applications - Sharing cache objects [closed]
web.config connection string changing when published
Uploading image is not working on server
FatalExecutionEngineError in C# / WSC (COM) interop
Odata v3 Web Api navigation with composite key
Transform Styles' Urls to CDN Urls in ASP.NET Bundling and Minification
ORDER BY indexed column is still slow
OpenXml "Can not access a closed stream" only on production
Validating Date Time In Javascript
set-cookie not working for IE11/10 after clearing cache
How to combine ASP MVC 5 and Emberjs
Privilege Escalation & Session Hijacking in Identity MVC5
Creating per-request controller/action based formatters in ASP.NET 5
How to load a .dll that was build for another .net version in .Net 5?
How to pass a dynamic variable into the authorize attribute class in asp.net mvc?
how to add gridview with objectdatasource in code behind c#?
Autofac not resolving types from assembly scan in asp.net 5
ASP.NET Core Route not working
Asp.net WebApi : No type was found that matches the controller named 'xxxx'

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!