堆栈内存溢出
  简体   繁体   English

Ubuntu上的ASP.NET Core 2.2 Web应用程序 - 如何实现数据保护

[英]ASP.NET Core 2.2 web app on Ubuntu - how to implement Data Protection

 原文  2019-03-20 17:45:41       c#/ linux/ asp.net-core/ ubuntu-18.04

问题描述

I've started using Ubuntu (18.04) to host some simple .NET Core 2.2 websites. 我已经开始使用Ubuntu(18.04)来托管一些简单的.NET Core 2.2网站。 And when the site is deployed and started I see the following: 部署并启动站点后,我会看到以下内容:

warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59] Neither user profile nor HKLM registry available. 警告:Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [59]用户配置文件和HKLM注册表都不可用。 Using an ephemeral key repository. 使用临时密钥存储库。 Protected data will be unavailable when application exits. 应用程序退出时,受保护的数据将不可用。 warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35] No XML encryptor configured. 警告:Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager [35]未配置XML加密器。 Key {c45288a6-63f8-4408-abdb-7894fb6d4e45} may be persisted to storage in unencrypted form. 密钥{c45288a6-63f8-4408-abdb-7894fb6d4e45}可以以未加密的形式保存到存储中。 Hosting environment: Production Content root path: /var/www/mysite Now listening on: http://localhost:5010 Application started. 托管环境:生产内容根路径:/ var / www / mysite现在正在侦听: http:// localhost:5010应用程序已启动。 Press Ctrl+C to shut down. 按Ctrl + C关闭。 warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3] Failed to determine the https port for redirect. 警告:Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware [3]无法确定重定向的https端口。

So what is the best and secured way of implementing Key Storage Provider for Linux (and possibly for Windows too, universal)? 那么,为Linux实现密钥存储提供程序的最佳和最安全的方式是什么(也可能是针对Windows的,通用的)? Is there an existing one? 有现成的吗? Are there any examples? 有什么例子吗?

PS. PS。 Yes, I've seen this docs - Key Storage Providers in ASP.NET Core . 是的,我已经看过这个文档 - ASP.NET Core中的密钥存储提供程序

1 个解决方案

解决方案1
 0  2019-03-20 17:58:34

The way we implemented this, supporting load balancing scenarios as well is by using Azure ATS as the key repository. 我们实现这一点的方式,也支持负载平衡方案是使用Azure ATS作为密钥存储库。

The configuration looks this way: 配置看起来像这样: 

  string storageUrl = "https://[your account here].blob.core.windows.net";
  string sasToken = "?sv=20XX-XX-XX&ss=x&srt=xxx&sp=xxxx&...";
  string containerName = "data-protection-XXXX-XXXX-container";
  string blobName = "data-protection-XXXX-XXXX-blob";

   // Create the new Storage URI
   Uri storageUri = new Uri($"{storageUrl}{sasToken}");

   //Create the blob client object.
   CloudBlobClient blobClient = new CloudBlobClient(storageUri);

   //Get a reference to a container. Create it if it does not exist.
   CloudBlobContainer container = blobClient.GetContainerReference(containerName);

   // (NOTE: internal library, do not use in your code)
   AsyncHelper.Guarded<bool>(() => { return container.CreateIfNotExistsAsync();  });


   services.AddDataProtection()
        .SetApplicationName("[your application name here]")
        .PersistKeysToAzureBlobStorage(container, blobName)
        .SetDefaultKeyLifetime(new TimeSpan(365 * 10, 0, 0, 0, 0));

Note: Review the encryption options when configuring Data Protection for extra security. 注意:配置Data Protection以获得额外的安全性时,请查看加密选项。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在ASP.net Core 2.2中为我的CRUD Web应用程序实现基本安全性? - How to implement basic security for my CRUD web app in ASP.net Core 2.2? ASP.NET core 2.2 web api 记录与数据保护密钥相关的警告:我们应该如何处理这个问题? - ASP.NET core 2.2 web api logs warnings related to data protection keys: how should we handle this issue? ASP.NET CORE 2.2 WEB APP 中的 Session 过期问题 - Session expire problen in ASP.NET CORE 2.2 WEB APP ASP.Net Core 2.2 Web App中的自定义身份 - Custom Identity in ASP.Net Core 2.2 Web App 如何在ASP.NET Core 2.2中实现身份 - How to implement Identity in ASP.NET Core 2.2 ASP.NET Core 2.2 Web API 项目:使用端点实现电子邮件确认回调 url - ASP.NET Core 2.2 Web API project: implement email confirmation callback url using endpoint 使用 Web Deploy 在 Azure 中部署普通的 ASP.NET Core 2.2 Web 应用程序引发错误 - Deploying a plain ASP.NET Core 2.2 Web App in Azure using Web Deploy is throwing an error 如何在ASP.NET Core Web API中实现通过id获取? - How to implement get by id in ASP.NET Core Web API? ASP.NET中如何实现搜索过滤 Core Web API - How to implement search filter in ASP.NET Core Web API 如何在Ubuntu上运行已经开发的ASP.NET Core应用程序? - How to run already developed ASP.NET Core app on Ubuntu?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM