DataProtection | Additional utilities and support for working with ASP.NET | TLS library

by tillig | C# | Version: Current | License: MIT

kandi X-RAY | DataProtection Summary

DataProtection is a C# library typically used in Security, TLS applications. DataProtection has no bugs, it has no vulnerabilities, it has a Permissive License and it has low support. You can download it from GitHub.

Additional utilities and support for working with ASP.NET Core DataProtection. This repo is provided as an example for code that can help get ASP.NET Core data protection working in a non-Azure farm environment.

            Support

              DataProtection has a low active ecosystem.
              It has 30 star(s) with 5 fork(s). There are 4 watchers for this library.
              It had no major release in the last 6 months.
              There is 1 open issue and 1 has been closed. On average issues are closed in 5 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of DataProtection is current.

            Quality

              DataProtection has 0 bugs and 0 code smells.

            Security

              DataProtection has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              DataProtection code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              DataProtection is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              DataProtection releases are not available. You will need to build from source code and install.

            DataProtection Key Features

            No Key Features are available at this moment for DataProtection.

            DataProtection Examples and Code Snippets

            No Code Snippets are available at this moment for DataProtection.

            Community Discussions

            QUESTION

            Data Protection in .NET6 with multiple web applications
            Asked 2022-Mar-10 at 07:23

            I have 2 load balanced IIS servers - mirrored. Each server has multiple .NetFramework web applications. Each app is running under different pool user and the code is placed in different folders.

            Now I need to migrate these apps to .NET6

            I have MSSQL database with dp.Keys table. And I faced a problem with DataProtection - all apps are using the same key. Because of this I can't use DpapiNG keys protection. I also want to have 1 key per app (app1 on 1st server and app1 on 2nd server use key1 from DB).

            Here is my code:

            ...

            ANSWER

            Answered 2022-Mar-10 at 07:23

            Found the answer here: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-6.0

            Data Protection and app isolation
            • When multiple apps are pointed at the same key repository, the intention is that the apps share the same master key material. Data Protection is developed with the assumption that all apps sharing a key ring can access all items in that key ring. The application unique identifier is used to isolate application specific keys derived from the key ring provided keys. It doesn't expect item level permissions, such as those provided by Azure KeyVault to be used to enforce extra isolation. Attempting item level permissions generates application errors. If you don't want to rely on the built-in application isolation, separate key store locations should be used and not shared between applications.
            • The application discriminator is used to allow different apps to share the same master key material but to keep their cryptographic payloads distinct from one another. For the apps to be able to read each other's cryptographic payloads, they must have the same application discriminator.
            • If an app is compromised (for example, by an RCE attack), all master key material accessible to that app must also be considered compromised, regardless of its protection-at-rest state. This implies that if two apps are pointed at the same repository, even if they use different app discriminators, a compromise of one is functionally equivalent to a compromise of both. This "functionally equivalent to a compromise of both" clause holds even if the two apps use different mechanisms for key protection at rest. Typically, this isn't an expected configuration. The protection-at-rest mechanism is intended to provide protection in the event an adversary gains read access to the repository. An adversary who gains write access to the repository (perhaps because they attained code execution permission within an app) can insert malicious keys into storage. The Data Protection system intentionally doesn't provide protection against an adversary who gains write access to the key repository.
            • If apps need to remain truly isolated from one another, they should use different key repositories. This naturally falls out of the definition of "isolated". Apps are not isolated if they all have Read and Write access to each other's data stores.

            I decided to use Azure blob storage (container per app) with DpapiNG protection. It works perfectly.

            Source https://stackoverflow.com/questions/71253147

            QUESTION

            Unable to run docker container
            Asked 2022-Mar-08 at 15:21

            I want to run my .NET MVC application into a docker image: but I'm unable to test it.

            Here is my Dockerfile:

            ...

            ANSWER

            Answered 2022-Mar-08 at 15:21

            You don't map any ports when you run it, so you can't reach the container. Your container seems to run fine aside from that.

            Try

            Source https://stackoverflow.com/questions/71397242

            QUESTION

            My docker image is not seeing the environment variables when using the `--env` yet it sees with using docker-compose
            Asked 2022-Jan-16 at 22:38

            I created a docker image of my OrchardCore project. I tried to run it using the following command

            ...

            ANSWER

            Answered 2022-Jan-16 at 22:38

            Docker options need to go before the image name. Anything after the image name becomes a command for the image. So you need to do

            Source https://stackoverflow.com/questions/70734577

            QUESTION

            Authentication always using an old token value
            Asked 2022-Jan-09 at 05:40

            I have a problem that I don't know how to resolve. I have a microservice model (based on the Volo ABP Microservice Demo) for my project, I have an API with all the methods to retrieve data, an AuthServer that acts as the authority for all my projects, and a gateway that translates the requests.

            This is how I have configured my authentication in my Gateway project:

            ...

            ANSWER

            Answered 2022-Jan-07 at 23:46

            The problem was in the browser. It seems that Google Chrome stores the token in the Application tab even if you have the Disable cache option selected. And even if you force the page to empty the cache and force the reload, the token will remain there.

            In the Application tab, you need to clean everything under the Storage section in order to fix this issue. Honestly a nightmare, I lost practically the entire day trying to come up with a solution until I realized this.

            Source https://stackoverflow.com/questions/70626998

            QUESTION

            How to run Visual Studio generated ASP.NET Core Sample Web App Docker image from command line?
            Asked 2021-Dec-31 at 16:31

            I have

            1. Forked the planetaryDocs project (a sample server resident Blazor Web App),
            2. Used Visual Studio 2022 to create a docker container
            3. Run that docker container (via Visual Studio)

            and Visual Studio pops up a browser pointing at the web server and it seems to be working fine.

            When I do docker image ls I see the planetarydocs image.

            I want to experiment with the docker run command line. How do I do that? I stop the Visual Studio docker container and

            ...

            ANSWER

            Answered 2021-Dec-31 at 05:06

            From the repository you pointed to, the app seems to use port 8081.

            PlanetaryDocs/appsettings.json

            Source https://stackoverflow.com/questions/70539014

            QUESTION

            Failure to get token from Azure Key Vault
            Asked 2021-Dec-20 at 20:42

            I have a Blazor WASM application using Identity for authentication that was working fine on Friday. Last night I went to make changes and both the application running in Azure and running locally on my machine began presenting an exception after startup. Nothing has changed in the environment or the code base between everything working fine and now.

            The app runs, redirects to the login page, the get is processed fine on the server but throws an exception on the first line of markup in the .cshtml file (assuming because it is failing to encrypt the content at that point):

            An unhandled exception occurred while processing the request. CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

            AggregateException: Multiple exceptions were encountered while attempting to authenticate. (EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot) (ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.) (Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{IDREDACTED}'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: {IDREDACTED} Correlation ID: {IDREDACTED} Timestamp: 2021-12-20 19:46:59Z'.) (Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot) (Azure CLI not installed) (PowerShell is not installed.) Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex, string additionalMessage)

            CredentialUnavailableException: DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot

            • EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
            • ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
            • Process "C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\Extensions\lybeojxv.4oe\TokenService\Microsoft.Asal.TokenService.exe" has failed with unexpected error: TS003: Error, TS004: Unable to get access token. 'AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application '{IDREDACTED}'(Visual Studio) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: {IDREDACTED} Correlation ID: {IDREDACTED} Timestamp: 2021-12-20 19:46:59Z'.
            • Stored credentials not found. Need to authenticate user in VSCode Azure Account. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/vscodecredential/troubleshoot
            • Azure CLI not installed
            • PowerShell is not installed. Azure.Identity.DefaultAzureCredential.GetTokenFromSourcesAsync(TokenCredential[] sources, TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)

            CryptographicException: An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information. Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(byte[] plaintext)

            I can't find anything in the related documentation and troubleshooting guides that seem to be relevant to my setup and issue. And I feel like I have to be missing something simple like an expiration or change of some credentials but I can't find anything that would appear to be the culprit, and not a single part of the codebase was changed, nor was the Azure environment touched at all by anyone from the time I know it was functional to when this began.

            ...

            ANSWER

            Answered 2021-Dec-20 at 20:42

            Whelp, after pulling my hair out for 2 days, I was able to resolve this by installing the Azure CLI on my machine and running the "az login" command from a PowerShell window. That's all. Hopefully this saves someone else a lot of time.

            Source https://stackoverflow.com/questions/70427351

            QUESTION

            How to connect to app inside docker container inside wsl2 from Windows host?
            Asked 2021-Dec-12 at 11:43

            On Windows:

            I just created app via dotnet new mvc and created Dockerfile for that:

            ...

            ANSWER

            Answered 2021-Dec-12 at 11:43

            You need to expose the port using -p

            Source https://stackoverflow.com/questions/70322957

            QUESTION

            IdentityServer4 (v3.1.x) Entity Framework - Session not persistent
            Asked 2021-Nov-17 at 08:08

            I'm using IdentityServer4 (v3.1.x) with the Entity Framework package to allow the configuration and operational settings to be stored in a database. I've noticed however that for -some- reason the duration of which users are logged in to IS4 is determined by the IIS Application Pool 'recycle interval' setting, which I've currently set at 30 minutes. This is different from the expected behavior, of the users' session being as long as the access_token duration / refresh_token duration allows for.

            When the IIS Application Pool 'recycle interval' is set to a higher value (1740 minutes max), the problem disappears. What I expect however is for the 'session' (for the lack of a better name) to be persistent between application pools and application pool recycles.

            What am I doing wrong, and what do I need to change to make it work?

            Durations:

            • IdentityTokenLifetime: 300s / 5m
            • IdentityAccessToken: 300s / 5m
            • AuthorizationCodeLifetime: 300s / 5m
            ...

            ANSWER

            Answered 2021-Nov-15 at 12:32

            The cookies are encrypted using the Data Protection APIs in ASP.NET Core and for production it is wise to configure this properly, so the encryption key/key-ring is persisted outside your web-application.

            I did blog about the data protection API here:

            See also these links:

            Source https://stackoverflow.com/questions/69972987

            QUESTION

            sed - remove multiple lines if contains ends in 'can't find label'
            Asked 2021-Oct-24 at 04:33

            I have a very large log file (more than 2GB) and would like to remove all debug logs if they contain 'EntityFramework'.

            ...

            ANSWER

            Answered 2021-Oct-15 at 09:56

            The current error is due to the comma after the b label, there must be a semi-colon. Also, you should include /.*EntityFramework.*/d (or better, /EntityFramework/d) into the command block so that it is executed only inside it:

            Source https://stackoverflow.com/questions/69582877

            QUESTION

            Warnings in Kubernetes "Storing keys in a directory '{path}' that may not be persisted outside of the container. "
            Asked 2021-Oct-10 at 08:00

            We are getting warnings in our production logs for .Net Core Web API services that are running in Kubernetes.

            Storing keys in a directory '{path}' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.","@l":"Warning","path":"/root/.aspnet/DataProtection-Keys",SourceContext:"Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository"

            We do not explicitly call services.AddDataProtection() in StartUp, but it seems that we are getting the warnings for services that are using .Net Core 3.1 and .Net 5 (not for .Net Core 2.1), that also have in StartUp

            ...

            ANSWER

            Answered 2021-Oct-10 at 08:00

            After analysis of how our applications are using protected data (authentication cookies, CSRF tokens etc.), our team decided that "Protected data will be unavailable when container is destroyed." is just a warning and would have no customer impact, so we ignore it.

            But YMMV.

            Source https://stackoverflow.com/questions/69279883

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install DataProtection

            You can download it from GitHub.

            Support

            For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask questions on the Stack Overflow community page.

            CLONE
          • HTTPS

            https://github.com/tillig/DataProtection.git

          • CLI

            gh repo clone tillig/DataProtection

          • sshUrl

            git@github.com:tillig/DataProtection.git
