Skip to content

Latest commit

 

History

History
45 lines (34 loc) · 1.79 KB

File metadata and controls

45 lines (34 loc) · 1.79 KB

Tingle.AspNetCore.DataProtection.MongoDB

Web applications often need to store security-sensitive data. Windows provides DPAPI for desktop applications, but this is unsuitable for web applications especially when running in a Docker container. The ASP.NET Core data protection stack provide a simple, easy to use cryptographic API a developer can use to protect data, including key management and rotation.

Microsoft has already provided ways to persist data protection keys to various storage systems.

This package provides the functionality to persist the data protection keys to MongoDB.

Using Dependency Injection

public void ConfigureServices(IServicesCollection services)
{
    services.AddSingleton<IMongoClient>(p => new MongoClient("mongodb://localhost:27017/my-database"));
    services.AddDataProtection()
            .PersistKeysToMongo();
}

Sample Usage

[Route("api/v1/[controller]")]
public class DummyController : ControllerBase
{
    IDataProtector _protector;
    public DummyController(IDataProtectionProvider provider)
    {
        _protector = provider.CreateProtector(nameof(DummyController));
    }

    [HttpGet]
    public Task<IActionResult> TestAsync([FromQuery] string value)
    {
        string protectedPayload = _protector.Protect(value);
        string unprotectedPayload = _protector.Unprotect(protectedPayload);

        // unprotectedPayload and value should be the same

        return Ok();
    }
}

The PersistKeysToMongo can be configured to store keys in databases and collections of your choice. By default, data protection keys will be stored in a database and collection named DataProtection and DataProtection-Keys respectively.