My task is simple - to share cookies among servers in a farm
I know that old way using machine key doesn't work in asp.net core, but there is a DataProtection API
However, I cannot store keys in shared folder (it's default built-in behavior of DataProtection)
Is there any way to store key exchange data in configs? (like in old asp.net)
Open IIS manager. Double-click the Machine Key icon in ASP.NET settings in the middle pane: MachineKey section will be read from your configuration file and be shown in the UI.
Machine keys help protect Forms authentication cookie data and page-level view state data. They also verify out-of-process session state identification. ASP.NET uses the following types of machine keys: A validation key computes a Message Authentication Code (MAC) to confirm the integrity of the data.
The machineKey element in the ASP.NET web. config file specifies the algorithm and keys that ASP.NET will use for encryption. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use.
you can store the keys in a file system folder, but there are of course security concerns in doing so, however the concerns are similar as with storing a key in web.config.
The thing that is different is that there is not just one key like with machine key, the keys in data protection api expire after a given period and new keys are created when needed automatically. If you encrypt something with the data protection api and store it persisted in the database for example, you may need to decrypt it later using the expired keys
This example is storing the keys in a folder named dp_keys within the web app main folder.
string pathToCryptoKeys = Path.Combine(environment.ContentRootPath, "dp_keys");
services.AddDataProtection()
.PersistKeysToFileSystem(new System.IO.DirectoryInfo(pathToCryptoKeys));
Note that storing the keys in the file system is not the recommended approach. There is a powershell script in the docs that enables storing keys per application pool in the system registry. For Azure there is the Azure Key vault for storing the data protection keys.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With