/// <summary>
/// Registers <c>DataProtectionContext</c> as the store for the data protection key ring.
/// </summary>
/// <param name="builder">The data protection builder to configure.</param>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is <c>null</c>.</exception>
protected internal override void AddInternal(IDataProtectionBuilder builder)
{
    // Reject a missing builder before touching it.
    _ = builder ?? throw new ArgumentNullException(nameof(builder));

    // The key ring is persisted through the DataProtectionContext EF Core context.
    builder.PersistKeysToDbContext<DataProtectionContext>();
}
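/// <summary>
/// Configures ASP.NET Core Data Protection from configuration: key management options,
/// encryption algorithm, where the key ring is stored and how the keys are protected at rest.
/// </summary>
/// <remarks>
/// <para>
/// If the configuration does not bind to a <c>DataProtectionOptions</c> instance, the builder is
/// returned untouched. A <c>StorageKind</c> or <c>KeyProtectionKind</c> that matches no case below
/// is ignored without error.
/// </para>
/// <para>
/// When <c>KeyProtectionOptions</c> is absent, this method calls no <c>ProtectKeysWith*</c> method.
/// Once an explicit persistence location is set, Data Protection no longer applies its default
/// encryption at rest, so the key ring is then stored unencrypted. In that case access control on
/// the store is the only protection.
/// </para>
/// <para>
/// The storage connection string, certificate password and Azure Key Vault client secret are all
/// read from <paramref name="configuration"/>; treat that configuration source as secret material.
/// </para>
/// </remarks>
/// <param name="builder">The data protection builder to configure.</param>
/// <param name="configuration">Configuration holding the data protection settings.</param>
/// <returns>The same <paramref name="builder"/>, to allow chaining.</returns>
public static IDataProtectionBuilder ConfigureDataProtection(this IDataProtectionBuilder builder, IConfiguration configuration)
{
    var dataProtectionsOptions = configuration.Get<Aguacongas.TheIdServer.Models.DataProtectionOptions>();
    if (dataProtectionsOptions == null)
    {
        // Nothing configured: leave the framework defaults in place.
        return builder;
    }

    builder.AddKeyManagementOptions(options => configuration.GetSection(nameof(KeyManagementOptions))?.Bind(options));
    ConfigureEncryptionAlgorithm(builder, configuration);

    // --- Where the key ring is stored ---
    switch (dataProtectionsOptions.StorageKind)
    {
        case StorageKind.AzureStorage:
            // NOTE(review): the blob URI usually embeds a SAS token; keep it out of logs and source control.
            builder.PersistKeysToAzureBlobStorage(new Uri(dataProtectionsOptions.StorageConnectionString));
            break;

        case StorageKind.EntityFramework:
            builder.PersistKeysToDbContext<OperationalDbContext>();
            break;

        case StorageKind.FileSytem:
            // NOTE(review): the directory ACL should restrict access to the application's identity.
            builder.PersistKeysToFileSystem(new DirectoryInfo(dataProtectionsOptions.StorageConnectionString));
            break;

        case StorageKind.Redis:
            var redis = ConnectionMultiplexer.Connect(dataProtectionsOptions.StorageConnectionString);
            if (string.IsNullOrEmpty(dataProtectionsOptions.RedisKey))
            {
                // No explicit key configured: use the extension's default Redis key.
                builder.PersistKeysToStackExchangeRedis(redis);
            }
            else
            {
                builder.PersistKeysToStackExchangeRedis(redis, dataProtectionsOptions.RedisKey);
            }
            break;

        case StorageKind.Registry:
#pragma warning disable CA1416 // Validate platform compatibility
            // Open the key writable: OpenSubKey(name) alone returns a read-only handle, and the
            // registry repository has to write new key-ring entries as keys are created and rotated.
            // OpenSubKey returns null when the subkey does not exist; that null is passed on as-is.
            builder.PersistKeysToRegistry(Registry.CurrentUser.OpenSubKey(dataProtectionsOptions.StorageConnectionString, true));
#pragma warning restore CA1416 // Validate platform compatibility
            break;
    }

    // --- How the stored keys are protected at rest ---
    var protectOptions = dataProtectionsOptions.KeyProtectionOptions;
    if (protectOptions != null)
    {
        switch (protectOptions.KeyProtectionKind)
        {
            case KeyProtectionKind.AzureKeyVault:
                builder.ProtectKeysWithAzureKeyVault(
                    protectOptions.AzureKeyVaultKeyId,
                    protectOptions.AzureKeyVaultClientId,
                    protectOptions.AzureKeyVaultClientSecret);
                break;

            case KeyProtectionKind.WindowsDpApi:
                builder.ProtectKeysWithDpapi(protectOptions.WindowsDPAPILocalMachine);
                break;

            case KeyProtectionKind.WindowsDpApiNg:
                ConfigureWindowsDpApiNg(builder, protectOptions);
                break;

            case KeyProtectionKind.X509:
                if (!string.IsNullOrEmpty(protectOptions.X509CertificatePath))
                {
                    // A certificate file takes precedence over a thumbprint lookup.
                    // NOTE(review): Exportable lets the imported private key be exported again;
                    // confirm it is actually required here, otherwise drop the flag.
                    var certificate = SigningKeysLoader.LoadFromFile(
                        protectOptions.X509CertificatePath,
                        protectOptions.X509CertificatePassword,
                        X509KeyStorageFlags.Exportable | X509KeyStorageFlags.UserKeySet);
                    builder.ProtectKeysWithCertificate(certificate);
                }
                else
                {
                    builder.ProtectKeysWithCertificate(protectOptions.X509CertificateThumbprint);
                }
                break;
        }
    }

    return builder;
}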