/// <summary>
/// Chooses the DPAPI-NG protection descriptor used to encrypt the data protection
/// key ring at rest, based on the supplied key protection options.
/// </summary>
/// <param name="builder">The data protection builder to configure.</param>
/// <param name="protectOptions">
/// Options carrying an optional certificate hash and an optional SID. The certificate
/// takes precedence over the SID when both are set.
/// </param>
/// <remarks>
/// The configured values are interpolated into the descriptor rule exactly as supplied;
/// nothing in this method checks their format.
/// NOTE(review): DPAPI-NG descriptor rules can combine several principals, so the
/// certificate hash and SID should be format-checked where the options are loaded
/// (hex thumbprint / SID syntax) to keep a malformed setting from widening who can
/// decrypt the key ring. Confirm whether that validation exists upstream.
/// </remarks>
private static void ConfigureWindowsDpApiNg(IDataProtectionBuilder builder, KeyProtectionOptions protectOptions)
{
    string descriptorRule;

    if (!string.IsNullOrEmpty(protectOptions.WindowsDpApiNgCerticate))
    {
        // Bind the key ring to the certificate identified by its hash.
        descriptorRule = $"CERTIFICATE=HashId:{protectOptions.WindowsDpApiNgCerticate}";
    }
    else if (!string.IsNullOrEmpty(protectOptions.WindowsDpApiNgSid))
    {
        // Bind the key ring to the configured security principal.
        descriptorRule = $"SID={protectOptions.WindowsDpApiNgSid}";
    }
    else
    {
        // Nothing configured: let the library pick its default descriptor.
        builder.ProtectKeysWithDpapiNG();
        return;
    }

    builder.ProtectKeysWithDpapiNG(descriptorRule, flags: DpapiNGProtectionDescriptorFlags.None);
}
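/// <summary>
/// Registers ASP.NET Core data protection for the service: persists the key ring to a
/// per-account registry key under HKLM and selects how the keys are encrypted at rest.
/// </summary>
/// <param name="services">The service collection being configured.</param>
/// <param name="licenseManager">Used to check whether DPAPI-NG secret encryption is licensed.</param>
/// <remarks>
/// Key encryption at rest is always configured explicitly. Once a custom persistence
/// location such as the registry is set, the data protection system no longer applies
/// its default at-rest encryption, so skipping this step would leave key material in the
/// registry unencrypted.
/// </remarks>
private void ConfigureDataProtection(IServiceCollection services, IAmsLicenseManager licenseManager)
{
    // NOTE(review): this builds a throwaway service provider just to read options; any
    // singletons it resolves are separate instances from the application's own container.
    var provider = services.BuildServiceProvider();
    var dataProtectionOptions = provider.GetService<IOptions<Server.Configuration.DataProtectionOptions>>();

    IDataProtectionBuilder builder = services.AddDataProtection(options =>
    {
        options.ApplicationDiscriminator = "lithnetams";
    });

    // Only the SID is needed, so release the identity's token handle straight away.
    SecurityIdentifier sid;
    using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
    {
        sid = identity.User;
    }

    // The key is intentionally not disposed: it is handed to the data protection system
    // here and must stay open while the key ring is in use.
    // NOTE(review): the subkey is created without an explicit ACL - confirm the
    // parent key's permissions restrict access to the service account and administrators.
    RegistryKey key = Registry.LocalMachine.CreateSubKey($"Software\\Lithnet\\Access Manager Service\\Parameters\\Keys\\{sid}");
    builder.PersistKeysToRegistry(key);

    bool useDpapiNg = dataProtectionOptions.Value.EnableClusterCompatibleSecretEncryption
        && licenseManager.IsFeatureEnabled(LicensedFeatures.DpapiNgSecretEncryption);

    if (useDpapiNg)
    {
        // Cluster-compatible: bind the key ring to the service account's SID via DPAPI-NG.
        builder.ProtectKeysWithDpapiNG($"SID={sid}", Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiNGProtectionDescriptorFlags.None);
    }
    else
    {
        // Fallback when the feature is disabled or unlicensed. Previously this branch was
        // nested under a duplicate of the condition above and could never run, so no
        // at-rest protection was configured in this case.
        builder.ProtectKeysWithDpapi(protectToLocalMachine: false);
    }
}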
/// <summary>
/// Applies this element's DPAPI-NG key protection settings to the builder.
/// </summary>
/// <param name="builder">The data protection builder to configure.</param>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
/// <remarks>
/// When no protection descriptor rule is set, the parameterless overload is used and the
/// library chooses the descriptor; <c>Flags</c> is only passed along with an explicit rule.
/// </remarks>
protected internal override void AddInternal(IDataProtectionBuilder builder)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    var descriptorRule = this.ProtectionDescriptorRule;

    if (descriptorRule != null)
    {
        // An explicit rule was configured: use it together with the configured flags.
        builder.ProtectKeysWithDpapiNG(descriptorRule, this.Flags);
        return;
    }

    // No rule configured: defer to the library default.
    builder.ProtectKeysWithDpapiNG();
}
/// <summary>
/// Configures keys to be encrypted at rest with DPAPI-NG using the default protection
/// descriptor and no descriptor flags.
/// </summary>
/// <param name="builder">The data protection builder to configure.</param>
/// <returns>The builder returned by the rule-taking overload, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
/// <remarks>
/// The default descriptor comes from
/// <c>DpapiNGXmlEncryptor.GetDefaultProtectionDescriptorString()</c>; which principal it
/// names is decided there and is not visible in this method.
/// </remarks>
public static IDataProtectionBuilder ProtectKeysWithDpapiNG(this IDataProtectionBuilder builder)
{
    if (builder == null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    var defaultDescriptorRule = DpapiNGXmlEncryptor.GetDefaultProtectionDescriptorString();

    return builder.ProtectKeysWithDpapiNG(
        protectionDescriptorRule: defaultDescriptorRule,
        flags: DpapiNGProtectionDescriptorFlags.None);
}