asp.net-coreredisantiforgerytokendata-protection
ASP.NET Core DataProtection + Redis + Multiple Keys per Machine
I'm configuring a .NETCore project that will be deployed into a Farm. I followed all the recommendations for adding the DataProction, so my code is like this:
services.AddMvc(
options =>
{
options.Filters.Add(typeof(AuditAttribute));
options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
options.AddStringTrimmingProvider();
});
var redis = StackExchange.Redis.ConnectionMultiplexer.Connect(Configuration.GetValue<string>("MySuperApp:RedisConnectionString"));
services.AddDataProtection()
.SetApplicationName("MySuperApp")
.ProtectKeysWithDpapi(true)
.PersistKeysToRedis(redis, "DataProtection-Keys");
In dev, where we have only a server this worked fine. We have only one entry in Redis like:
But when we go to test, where we have two servers we have the following:
Additional we have the following error in the mailbox
Exception Type: System.Security.Cryptography.CryptographicException
Exception Message: Error occurred during a cryptographic operation.
Stack Trace: at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapiCore(Byte* pbProtectedData, UInt32 cbProtectedData, Byte* pbOptionalEntropy, UInt32 cbOptionalEntropy)
at Microsoft.AspNetCore.DataProtection.Cng.DpapiSecretSerializerHelper.UnprotectWithDpapi(Byte[] protectedSecret)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor.Decrypt(XElement encryptedElement)
at Microsoft.AspNetCore.DataProtection.XmlEncryption.XmlEncryptionExtensions.DecryptElement(XElement element, IActivator activator)
at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.DeserializeDescriptorFromKeyElement(XElement keyElement)
Additional Info: An exception occurred while processing the key element ''.
Can someone help me with this? Are we missing some configuration on the server?
Solution
Here, if we remove the option: .ProtectKeysWithDpapi(true) will work fine, all the servers use the same keys.
- How can I make my Blazor Web App save the login infor entered as it would in InteractiveServer but still be able to use the HttpContext for login?
- Exchanging a google idToken for local openId token c#
- Is the ConfigureApplicationCookie(...) designed to allow us to configure an existing cookie by default in the default scheme (Cookies)?
- How to manage user claims?
- How can I use Dependency Injection in an ASP.NET Core ActionFilterAttribute?
- How to get Role Claims in asp.net core 6 web api?
- ASP.NET Core Web API - FluentValidationMvcExtensions.AddFluentValidation(IMvcBuilder, Action<FluentValidationMvcConfiguration>)' is obsolete
- Write and read string from MemoryStream
- How to Implement Polymorphic Request Bodies in ASP.NET Core Web API with Swagger UI?
- How to set up Automapper in ASP.NET Core
- What means skipNegotiation in SignalR HubConnection?
- BasePageModel in Razor Pages
- How to auto increment the version (eg. “1.0.*”) of a .NET Core project?
- Secrets inject securely Dockerfile during build .NET
- EF Core 8 does not merge entities
- How to use appsettings.json in Asp.net core 6 Program.cs file
- How to determine if asp.net core has been installed on a windows server
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Should EFCore migrations be committed to version control?
- EF Core one-to-one relation returns one-to-many relation
- How to deal with Id property in DTO in ASP.NET Web API
- Get null in controller when implementing IEnumerable in ASP NET model
- .NET Core 3.1 GoogleSignIn -The authentication handler registered for scheme 'Bearer' is 'JwtBearerHandler' which cannot be used for SignInAsync
- How do I serve static files only to authorized users?
- .NET 7 and UseEndPoints()
- 'Unable to resolve service for type ¨Microsoft.entityFrameworkCore.DbContextOptions¨1[LibraryData.LibraryContext] while attempting to activate
- Require authenticated user in asp.net core but require custom policy in some actions require custom policy
- Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
- IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize
- Relation between Authorization middleware and filter Asp.net core