ASP.NET Core 2.2 web app on Ubuntu - how to implement Data Protection
I've started using Ubuntu (18.04) to host some simple .NET Core 2.2 websites. And when the site is deployed and started I see the following:
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[59]
      Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when application exits.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {c45288a6-63f8-4408-abdb-7894fb6d4e45} may be persisted to storage in unencrypted form.
Hosting environment: Production
Content root path: /var/www/mysite
Now listening on: http://localhost:5010
Application started. Press Ctrl+C to shut down.
warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
      Failed to determine the https port for redirect.
So what is the best and secured way of implementing Key Storage Provider for Linux (and possibly for Windows too, universal)? Is there an existing one? Are there any examples?
PS. Yes, I've seen these docs - Key Storage Providers in ASP.NET Core.
The way we implemented this, supporting load balancing scenarios as well, is by using Azure ATS as the key repository.
The configuration looks this way:
using System;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.WindowsAzure.Storage.Blob;

// Inside Startup.ConfigureServices(IServiceCollection services)
string storageUrl = "https://[your account here].blob.core.windows.net";
string sasToken = "?sv=20XX-XX-XX&ss=x&srt=xxx&sp=xxxx&...";
string containerName = "data-protection-XXXX-XXXX-container";
string blobName = "data-protection-XXXX-XXXX-blob";

// Create the new Storage URI (the SAS token in the query string supplies the credentials)
Uri storageUri = new Uri($"{storageUrl}{sasToken}");
// Create the blob client object.
CloudBlobClient blobClient = new CloudBlobClient(storageUri);
// Get a reference to a container. Create it if it does not exist.
CloudBlobContainer container = blobClient.GetContainerReference(containerName);
// Block synchronously during startup (the original used an internal AsyncHelper wrapper here).
container.CreateIfNotExistsAsync().GetAwaiter().GetResult();

services.AddDataProtection()
    .SetApplicationName("[your application name here]")
    // Requires the Microsoft.AspNetCore.DataProtection.AzureStorage package
    .PersistKeysToAzureBlobStorage(container, blobName)
    .SetDefaultKeyLifetime(new TimeSpan(365 * 10, 0, 0, 0, 0));
Note: Review the encryption options when configuring Data Protection for extra security.
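For a single Linux host without Azure, the same two warnings ([59] ephemeral repository, [35] no XML encryptor) can be addressed with the built-in file-system provider plus certificate encryption of the key ring. This is an added example, not code from the question or the answer above; the paths /var/www/mysite/keys and /etc/mysite/dp-cert.pfx, the application name "mysite" and the AddPersistentDataProtection method name are assumptions for illustration.

```csharp
// Added example (not from the original post). Assumes the app runs as a
// dedicated service account and that the key directory and PFX file below
// are readable only by that account.
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public static class DataProtectionSetup
{
    // Hypothetical paths: adjust to your deployment.
    private const string KeyRingPath = "/var/www/mysite/keys";
    private const string CertPath = "/etc/mysite/dp-cert.pfx";

    public static IServiceCollection AddPersistentDataProtection(
        this IServiceCollection services, string certPassword)
    {
        var keyDir = new DirectoryInfo(KeyRingPath);
        keyDir.Create(); // no-op if the directory already exists

        // Certificate whose public key encrypts the key XML at rest; the private
        // key is needed at startup to unprotect it again.
        var cert = new X509Certificate2(CertPath, certPassword);

        services.AddDataProtection()
            // Must be identical on every instance that shares this key ring.
            .SetApplicationName("mysite")
            // Replaces the ephemeral repository from warning [59].
            .PersistKeysToFileSystem(keyDir)
            // Configures the XML encryptor missing in warning [35].
            .ProtectKeysWithCertificate(cert);

        return services;
    }
}
```

On Linux the file-system provider does not set any access control on the key files itself, so restrict the directory (for example chmod 700 owned by the service account) and keep the PFX password out of source control.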