Menu
I have this at every app start.
Does anyone know where this comes from?
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0] User profile is available. Using '/Users/thomas/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
// run the web host
var PathToContentRoot = Directory.GetCurrentDirectory();
var Host = WebHost.CreateDefaultBuilder()
.UseKestrel()
.UseContentRoot(PathToContentRoot)
.UseStartup<WebStartup>()
.UseNLog()
.Build();
I don't have anything about 'dataprotection', 'keys', etc nor do I want any form of security features.
The code in the ConfigureServices part is:
// find all controllers
var Controllers =
from a in AppDomain.CurrentDomain.GetAssemblies().AsParallel()
from t in a.GetTypes()
let attributes = t.GetCustomAttributes(typeof(ControllerAttribute), true)
where attributes?.Length > 0
select new { Type = t };
var ControllersList = Controllers.ToList();
Logging.Info($"Found {ControllersList.Count} controllers");
// register them
foreach (var Controller in ControllersList)
{
Logging.Info($"[Controller] Registering {Controller.Type.Name}");
Services
.AddMvc()
.AddJsonOptions(Options => Options.SerializerSettings.ContractResolver = new DefaultContractResolver())
.AddApplicationPart(Controller.Type.Assembly);
}
// add signalR
Services.AddSignalR();
It is done to allow controllers from external assemblies to be used.
479
The ASP.NET Core data protection provides a cryptographic API to protect data, including key management and rotation. Web applications often need to store security-sensitive data. Windows provides a data protection API, DPAPI, but Windows DPAPI isn't intended for use in web applications.
In ASP.NET Core, logging providers store the logs. You can configure multiple logging providers for your application. The default ASP.NET Core configures the following logging providers: Console, Debug, EventSource, and EventLog (on Windows).
The data-protection system automatically creates new keys when old keys are near to expiration. The collection of all the available keys is called the key ring. The data-protection system manages key rotation internally, creating new keys when old ones expire.
Depending on what ASP.NET features you are using, the Core Data Protection middleware may be setup and added into the dependency injection container.
This provides a mechanism for storing sensitive data. Depending on what environment you are running in this sensitive data will be stored in different locations. In your case you are getting the message that it is being stored in the user profile (a folder on the system) and in plain text (I'm assuming because you are running on Linux as they would by default get encrypted on Windows). This article has a nice description of the default location for storing the sensitive data.
In your case I suspect it is the use of SignalR that is causing the Core Data Protection middle ware to be added. Another common cause for it being added is calling
IServiceCollection.AddAuthentication
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
