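        /// <summary>
        /// Reads the data protection options directly from configuration and binds them onto <paramref name="options"/>.
        /// </summary>
        /// <remarks>
        /// Meant to be called inside the <c>configure</c> callback of <c>AddDataProtectionLocal</c>, which is where
        /// <see cref="LocalDataProtectionOptions.Services"/> is populated; outside that callback the property is null.
        /// Every settable public property of the options (e.g. the key directory, key lifetime and application name)
        /// can be overridden by the bound section, so the configuration source is part of the trust boundary of the
        /// key ring itself: whoever can edit it can redirect where keys are written.
        /// </remarks>
        /// <param name="options">Options for configuring ASP.NET Core DataProtection API using local file system.</param>
        /// <param name="section">The section to use in search for settings regarding data protection. Default section used is <see cref="LocalDataProtectionOptions.Name"/>.</param>
        /// <returns>The same <paramref name="options"/> instance, mutated in place.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="InvalidOperationException"><see cref="LocalDataProtectionOptions.Services"/> is null, so there is no container to resolve <c>IConfiguration</c> from.</exception>
        public static LocalDataProtectionOptions FromConfiguration(this LocalDataProtectionOptions options, string section = null)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }
            if (options.Services == null)
            {
                // Previously this surfaced as a NullReferenceException; name the actual misuse instead.
                throw new InvalidOperationException(
                    "LocalDataProtectionOptions.Services is not set; call FromConfiguration from the configure callback of AddDataProtectionLocal.");
            }

            // A temporary provider is built only to reach IConfiguration. It is deliberately NOT disposed: the generic
            // host registers IConfiguration through a factory, so this provider would treat the application's
            // configuration root as its own and disposing it would dispose that root (and its file watchers) for the
            // real host too — confirm against the host in use before changing this. The cost is a duplicate set of
            // singletons for the lifetime of the call (the ASP0000 analyzer flags this pattern).
            var serviceProvider = options.Services.BuildServiceProvider();
            var configuration   = serviceProvider.GetRequiredService<IConfiguration>();

            configuration.Bind(section ?? LocalDataProtectionOptions.Name, options);
            return options;
        }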
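        /// <summary>
        /// Configures the Data Protection API for the application by using the file system.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Keys are persisted with <c>PersistKeysToFileSystem</c> and no key encryptor is added here, so the key ring is
        /// written to <see cref="LocalDataProtectionOptions.Path"/> as plain XML (the framework warns about this at startup
        /// with "No XML encryptor configured"). Whoever can read that directory can decrypt and forge every payload this
        /// application protects (authentication cookies, antiforgery tokens, ...). Restrict the directory's ACL to the
        /// application identity, keep it out of the served web root and out of loosely protected backups, or chain
        /// <c>ProtectKeysWithDpapi</c> / <c>ProtectKeysWithCertificate</c> onto the data protection builder.
        /// </para>
        /// <para>
        /// Defaults when <paramref name="configure"/> does not override them: AES-256-GCM, a 90-day key lifetime,
        /// <c>{ContentRootPath}/App_Data</c> as the key directory and the hosting environment's application name as the
        /// application discriminator. A relative <see cref="LocalDataProtectionOptions.Path"/> is resolved against the
        /// content root; the directory is created if it does not exist.
        /// </para>
        /// </remarks>
        /// <param name="services">Specifies the contract for a collection of service descriptors.</param>
        /// <param name="configure">Configures the available options. Null to use defaults.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> is null.</exception>
        public static IServiceCollection AddDataProtectionLocal(this IServiceCollection services, Action <LocalDataProtectionOptions> configure = null)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            const int defaultKeyLifetime = 90;

            // The hosting environment is needed before the real container exists, so a temporary provider is built.
            // Only the two strings are kept and the provider is disposed right away: IWebHostEnvironment is an instance
            // the host registers itself rather than something this provider creates, so disposing here is expected not
            // to touch it (confirm for the host in use), while anything the throw-away provider did instantiate is
            // released instead of leaking.
            string applicationName;
            string contentRootPath;
            using (var serviceProvider = services.BuildServiceProvider())
            {
                var hostingEnvironment = serviceProvider.GetRequiredService <IWebHostEnvironment>();
                applicationName = hostingEnvironment.ApplicationName;
                contentRootPath = hostingEnvironment.ContentRootPath;
            }

            var options = new LocalDataProtectionOptions {
                ApplicationName         = applicationName,
                // These are NOT the framework defaults (those are AES-256-CBC + HMACSHA256). AES-256-GCM is an AEAD
                // mode, so the ValidationAlgorithm below is expected to be ignored for it — confirm against the
                // installed Data Protection version before relying on HMACSHA512 being applied.
                CryptographicAlgorithms = new AuthenticatedEncryptorConfiguration {
                    EncryptionAlgorithm = EncryptionAlgorithm.AES_256_GCM,
                    ValidationAlgorithm = ValidationAlgorithm.HMACSHA512
                },
                KeyLifetime = defaultKeyLifetime
            };

            // Services is exposed only for the duration of the callback (FromConfiguration relies on it) and cleared
            // afterwards, even if the callback throws, so the options object never retains the service collection.
            options.Services = services;
            try
            {
                configure?.Invoke(options);
            }
            finally
            {
                options.Services = null;
            }

            // Non-positive lifetimes fall back to the default. Small positive values are passed through on purpose:
            // the data protection system rejects lifetimes below its own minimum (one week in current versions —
            // confirm), so a misconfiguration fails loudly at startup instead of being silently clamped.
            if (options.KeyLifetime <= 0)
            {
                options.KeyLifetime = defaultKeyLifetime;
            }
            if (string.IsNullOrWhiteSpace(options.Path))
            {
                options.Path = Path.Combine(contentRootPath, "App_Data");
            }
            else if (!Path.IsPathRooted(options.Path))
            {
                options.Path = Path.Combine(contentRootPath, options.Path);
            }
            // CreateDirectory is a no-op when the directory already exists, so a separate Exists check is redundant.
            // The directory gets the process's default permissions; tighten them (or pre-create it) at deployment so
            // only the application identity can read the key ring.
            Directory.CreateDirectory(options.Path);

            services.TryAddSingleton(typeof(IDataProtectionEncryptor <>), typeof(DataProtectionEncryptor <>));
            var dataProtectionBuilder = services.AddDataProtection()
                                        .UseCryptographicAlgorithms(options.CryptographicAlgorithms)
                                        // Plain-XML key ring on disk; see the remarks above on protecting it.
                                        .PersistKeysToFileSystem(new DirectoryInfo(options.Path))
                                        .SetDefaultKeyLifetime(TimeSpan.FromDays(options.KeyLifetime))
                                        // Isolates this app's payloads from other apps sharing the same key ring (e.g.
                                        // deployment slots); apps that must read each other's payloads need the same
                                        // ApplicationName.
                                        .SetApplicationName(options.ApplicationName);

            if (options.DisableAutomaticKeyGeneration)
            {
                // Keys are no longer rolled as they approach expiration; some other process must then provision new
                // keys into the directory, or protecting new payloads is expected to start failing once the ring
                // has no active key — confirm for the installed version.
                dataProtectionBuilder.DisableAutomaticKeyGeneration();
            }
            return services;
        }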