I'm configuring a .NET Core project that will be deployed into a farm. I followed all the recommendations for adding Data Protection, so my code is like this:
    services.AddMvc(
        options =>
        {
            options.Filters.Add(typeof(AuditAttribute));
            options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
            options.AddStringTrimmingProvider();
        });

    var redis = StackExchange.Redis.ConnectionMultiplexer.Connect(Configuration.GetValue<string>("MySuperApp:RedisConnectionString"));

    services.AddDataProtection()
        .SetApplicationName("MySuperApp")
        .ProtectKeysWithDpapi(true)
        .PersistKeysToRedis(redis, "DataProtection-Keys");
In dev, where we have only one server, this worked fine. We have only one entry in Redis like:
But when we go to test, where we have two servers, we have the following:
Additionally, we have the following error in the mailbox:
Exception Type: System.Security.Cryptography.CryptographicException
Exception Message: Error occurred during a cryptographic operation.
Stack Trace: at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapiCore(Byte* pbProtectedData, UInt32 cbProtectedData, Byte* pbOptionalEntropy, UInt32 cbOptionalEntropy)
at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapi(Byte[] protectedSecret)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
Additional Info: An exception occurred while processing the key element ''.
Can someone help me with this? Are we missing some configuration on the server?
Here, if we remove the option .ProtectKeysWithDpapi(true), it works fine; all the servers use the same keys.
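An added example, not part of the original post: `ProtectKeysWithDpapi(true)` wraps each key with the local machine's DPAPI key, so a key element written to Redis by one server cannot be unwrapped by another, which is where `DpapiXmlDecryptor.Decrypt` fails in the stack trace. The configuration below keeps the key ring encrypted at rest but wraps it with an X.509 certificate instead. It assumes the same certificate, with its private key, is installed in each server's LocalMachine\My store; the `AddFarmDataProtection` helper and the `MySuperApp:DataProtectionCertThumbprint` setting are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using StackExchange.Redis;

public static class FarmDataProtection
{
    // Hypothetical helper: call services.AddFarmDataProtection(Configuration)
    // from ConfigureServices in place of the AddDataProtection() chain above.
    public static IServiceCollection AddFarmDataProtection(
        this IServiceCollection services, IConfiguration configuration)
    {
        var redis = ConnectionMultiplexer.Connect(
            configuration.GetValue<string>("MySuperApp:RedisConnectionString"));

        // Assumed setting: thumbprint of a certificate present on every node.
        var thumbprint = configuration.GetValue<string>(
            "MySuperApp:DataProtectionCertThumbprint");

        services.AddDataProtection()
            .SetApplicationName("MySuperApp")
            // Weak for a farm: .ProtectKeysWithDpapi(true) binds keys to one machine.
            // Any node holding the certificate's private key can unwrap these keys.
            .ProtectKeysWithCertificate(LoadCertificate(thumbprint))
            .PersistKeysToRedis(redis, "DataProtection-Keys");
        return services;
    }

    private static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so that an internally issued certificate is accepted.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "Data protection certificate not found: " + thumbprint);
            if (!matches[0].HasPrivateKey)
                throw new InvalidOperationException(
                    "Data protection certificate has no private key on this server.");
            return matches[0];
        }
    }
}
```

Key elements already written to Redis under DPAPI remain readable only by the server that created them, so they keep producing the error above on the other node until they expire or are removed.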