DataProtector | protect data | Architecture library
kandi X-RAY | DataProtector Summary
kandi X-RAY | DataProtector Summary
by Max Neunhoeffer and Jan Steemann. In multi-threaded applications running on multi-core systems, it occurs often that there are certain data structures, which are frequently read but relatively seldom changed. An example of this would be a database server that has a list of databases that changes rarely, but needs to be consulted for every single query hitting the database. In such sitations one needs to guarantee fast read access as well as protection against inconsistencies, use after free and memory leaks. Therefore we seek a lock-free protection mechanism that scales to lots of threads on modern machines and uses only C++11 standard library methods. The mechanism should be easy to use and easy to understand and prove correct. This repository presents a solution to this, which is probably not new, but which we still did not find anywhere else. See the file DataProtector.md for more details about the code in this repository.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of DataProtector
DataProtector Key Features
DataProtector Examples and Code Snippets
Community Discussions
Trending Discussions on DataProtector
QUESTION
I am storing some data in an external key-value store. This data is used as a cache. Because of the nature of the data we need to encrypt/hash the keys as well as values. We are using DataProtection APIs for the encryption and decryption with the default algorithm (AES-256-CBC). As per my knowledge, the encryption of the same plaintext doesn't give you the same cyphertext in this algorithm, so I can't encrypt the keys because next time I won't have the same encrypted key for lookup.
If we hash the keys (using SHA-256) instead of encrypting it, we can actually solve this problem but in some rare scenarios hashing can cause collisions and in our application, due to the nature of data we can't afford to have even a single collision. Code example:
...ANSWER
Answered 2021-Apr-23 at 08:18I don't know about the size of your data. But you can use hashing in this way to reduce the chances of collisions to 0.
- Hash the original key before storing it to your external store.
- You can tweak the value to be a dictionary of key:value, where key is original key and value is original value.
- Encrypt the value (now a dictionary) before storing it to the store.
- Next time onwards, when you want to do the lookup. First hash the original key and check for the match. If it matches then decrypt the dictionary value and do the lookup of original key in the dictionary. If match then good. If the original key is not found then append the new key and value in this dictionary and then encrypt the whole dictionary again and store it on your store.
This reduces the collision to 0 but this will increase the payload size which may not be desired in your case.
QUESTION
I am using Microsoft.AspNetCore.DataProtection
for encryption and decryption of my data with the default algorithm (AES-256-CBC). As per my finding, I understand that given the same IV and same plaintext this encryption results in the same cipherText again and again. I have a use case where I need to do a data lookup for a plainText which I might have encrypted earlier and stored in some DB. I don't have an option to fetch from db and decrypt the data to check for a match.
Code example,
...ANSWER
Answered 2021-Apr-18 at 05:29As per these documents, each Encrypt
call generates a separate key and a random initialization vector (IV) at least with the default settings i.e AES-256-CBC for payload protection and HMACSHA256 for authenticity. For this reason, we can't generate the same cipherText corresponding to a given plainText.
QUESTION
I have followed the setup suggested in this article https://docs.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0#share-authentication-cookies-between-aspnet-4x-and-aspnet-core-apps
I set the authentication cookie by logging in to the .net 4x App and then try and access a page class that is guarded by the [Authorize]
attibute on the .net 5 core app. This fails and I am directed back to the login page. If I remove the [Authorize]
attribute and access and decrypt the shared Authentication cookie I can see the user and claims that were created by the .net 4x app in the AuthenticationTicket (see code below) - but when trying to access the ClaimsPrincipal User in the page. this User does not have any of the details as per the cookie. The var user = _userManager.GetUserAsync(User).Result;
is always null.
ANSWER
Answered 2020-Dec-14 at 16:06For anyone who sees this - I was able to solve this issue. I removed these lines and replaced services.AddIdentity() .AddEntityFrameworkStores();
with the following:
services.AddIdentityCore().AddRoles().AddSignInManager() .AddEntityFrameworkStores();
I removed my own identity user to eliminate any issues if any were because of the user and used the AddIdentityCore method rather than AddIdentity . This stopped the error I kept getting stating the the "Scheme already exists: Identity.Application" because of this line .AddCookie("Identity.Application"
.
Also i added the app name to both applications:
.net 4x ,(builder) => { builder.SetApplicationName("cms-app"); })
and in the .net core app .PersistKeysToFileSystem(new DirectoryInfo(@"c:\temp\keyring")) .SetApplicationName("cms-app");
QUESTION
I recently migrated to ASP.NET Core 3.0 and facing the DI issue while startups... they were working fine for ASP.NET Core 2.2. If I use the old WebHostBuilder in ASP.NET CORE 3.0 then I do not see the issues. Not sure is the issues are specific to new HostBuilder in Program.cs or DI has changed in 3.0.
Program.cs
...ANSWER
Answered 2019-Nov-22 at 03:14It may happen if something else injects that same class later (for example, AddIdentity
).
I cannot reproduce the problem you are describing and do not have the same classes in my Identity package (I guess you are using an extended one?), so I have to create my own:
QUESTION
Let's consider a common-known ASP.NET Core scenario. Firstly we add the middleware:
...ANSWER
Answered 2017-May-24 at 07:56It's worth noting that you don't need to gain access to the keys to decrypt the authentication cookie. You simply need to use the right IDataProtector
created with the right purpose parameter, and subpurpose parameters.
Based on the CookieAuthenticationMiddleware
source code https://github.com/aspnet/Security/blob/rel/1.1.1/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationMiddleware.cs#L4 it looks like the purpose you need to pass is typeof(CookieAuthenticationMiddleware)
. And since they are passing additional parameters to the IDataProtector
you will need to match them. So this line of code should get you an IDataProtector
that can be used to decrypt the authentication cookie:
QUESTION
I have implemented cookie storage using Redis. I followed this code example for the most part...
Nothing special about my Startup.Auth class:
...ANSWER
Answered 2018-Aug-18 at 08:03Edit following the comments below
The .AspNet.Cookies
is the authentication cookie that allows the server to know when a user is logged in to your application.
The fact that you use Redis doesn't mean there's no need for a cookie anymore. How could you differentiate users A and B if they didn't send cookies?
If you were not using Redis, the authentication cookie value would contain the user information. When using Redis, the user information is stored there, and the authentication cookie value contains the Redis key that allows to access this information.
A session cookie is different from an athentication cookie in the sense that a user doesn't need to be logged in for you to store session data for them. This could be useful for, let's say, an ecommerce application where you show both unlogged and logged users which products they have looked at.
The same concept could apply to session: instead of storing that data in the cookie, you could decide to use an external store so that the amount of data that travels between the browser ad the server is minimal (only the session key).
Original answer
A cookie is still needed to identify the user.
The difference is that the cookie now no longer contains the session data, but only the Redis key that allows to access the session data.
QUESTION
I'm writing a web-application in .net core that uses an API and a Website.
The web-service builds a JWT-token. This is the service-configuration (removed unnecessary parts)
...ANSWER
Answered 2018-Apr-19 at 19:29So after @Tseng helped me a lot with his input, here is my result (more input on how to do it better would be nice):
Added the un-protector for the token as a service with adding in Startup.cs
QUESTION
How can we find the given string is encrypted or plain string?
to be honest thats all the question. For instance when I'm using dataprotection using DPAPI encryption, when the given string is already a encrypted string or may be before decrypt call, check if the given string is encrypted.
...ANSWER
Answered 2017-Nov-03 at 01:56I honestly am not familiar with DDAPI. A generic answer though since it's a generic question...
A string is just a piece of data. It's impossible to know if it's junk (encrypted) or not (decrypted) without knowing what to look for, that is, some kind of context or indicator you always know to look for. I would suggest that you encrypt your data (your string), then sign it. In 'isprotected', try to verify the signature. If it verifies you'll know you need to decrypt it and it's from a trustworthy source.
QUESTION
I have the following code that ensures the Token lifetime span for email verification tokens expire after 14 days :-
...ANSWER
Answered 2017-Nov-01 at 08:37You need to override
QUESTION
I have 3 web applications on Azure.
- Webapp1 is www.mydomain.com
- Webapp2 is admin.mydomain.com
- Webapp3 is user.mydomain.com
When I log on WebApp1, I want to be logged on all other subdomains.
I want to use social providers to authenticate my users, and use asp.net Identity for authorization.
After reading docs & SO questions here is what I have in my Startup.cs
...ANSWER
Answered 2017-Oct-03 at 17:04The identity cookie doesn't have a domain set. You don't need to add Cookie a second time, because Identity already adds it, and you need to configure that instance, not the new one you're creating
So try using ConfigureApplicationCookie
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install DataProtector
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page