
Is it possible to disable the data protection encryption in ASP.NET Core?

Initially in Startup.cs, we omitted the AddDataProtection() call entirely. When we tried deploying the app, we saw this:

System.Security.Cryptography.CryptographicException: The key {...} was not found in the key ring.
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.Session.CookieProtection.Unprotect(IDataProtector protector, String protectedText, ILogger logger)
warn: Microsoft.AspNetCore.Session.SessionMiddleware[7]
      Error unprotecting the session cookie.

When I added services.AddDataProtection().SetApplicationName("MyAppName"); to ConfigureServices(), we now see after deploying:

System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Correlation failed.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.Invoke(HttpContext context)
warn: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[15]
      '.AspNetCore.Correlation.OpenIdConnect.{SomeWeirdString}' cookie not found.

I googled around for quite a bit and it seems that the "correct" way to fix this is to consolidate the encryption keys with .PersistKeysToFileSystem(). Is there an alternative to this though? Such as disabling the encryption/data protection altogether?

For some background, this app is one that we are in the last stages of migrating from ASP.NET to ASP.NET Core, and previously we stored our session states in Redis, with no encryption.

The data protection stack is required and is used to protect data in cookies, session state, temp data, etc. Data protection persists a key somewhere to encrypt and decrypt the data. There are several options to persist the keys - by default, the file system or registry is used. When hosting on an on-premises server in IIS or in Azure, it usually just works. For other deployment options, especially using containers, you usually have to perform some configuration. For instance, containers usually have ephemeral storage, so the encryption keys are lost after deploying a new container instance.

As you mentioned Redis, I suggest you look into the Redis key storage provider: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-2.2&tabs=visual-studio#redis

The following documentation resources are also a good read:
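
Added example, not part of the original question or answer: a console program that simulates app instances to show that a payload protected by one instance can only be unprotected by another when both read the same key store under the same application name. KeyRingDemo, BuildInstance, RoundTrip, the "Demo.Session" purpose, the sample payload and the temporary directories are all constructed for illustration; it assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection packages.

```csharp
// Added example (constructed): simulated app instances, not code from the post.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

static class KeyRingDemo
{
    // Hypothetical helper: builds the provider one app instance would get at startup.
    static IDataProtectionProvider BuildInstance(string keyDir, string appName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
                .SetApplicationName(appName)
                .PersistKeysToFileSystem(new DirectoryInfo(keyDir));
        return services.BuildServiceProvider()
                       .GetRequiredService<IDataProtectionProvider>();
    }

    // Protect on instance a, unprotect on instance b, and report the outcome.
    static string RoundTrip(IDataProtectionProvider a, IDataProtectionProvider b)
    {
        var payload = a.CreateProtector("Demo.Session").Protect("session-id-123");
        try { return b.CreateProtector("Demo.Session").Unprotect(payload); }
        catch (CryptographicException ex) { return "FAILED: " + ex.Message; }
    }

    static void Main()
    {
        string NewDir() => Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
        string shared = NewDir(), isolatedA = NewDir(), isolatedB = NewDir();

        // Case 1: separate key directories, as with per-container ephemeral storage.
        Console.WriteLine(RoundTrip(BuildInstance(isolatedA, "MyAppName"),
                                    BuildInstance(isolatedB, "MyAppName")));
        // Case 2: one shared key directory and the same application name.
        Console.WriteLine(RoundTrip(BuildInstance(shared, "MyAppName"),
                                    BuildInstance(shared, "MyAppName")));
        // Case 3: shared key directory but different application names.
        Console.WriteLine(RoundTrip(BuildInstance(shared, "MyAppName"),
                                    BuildInstance(shared, "OtherName")));
    }
}
```

The shared directory stands in for any store every instance can reach, such as the Redis key storage provider the answer links to.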
