Set XmlRepository whem setting encryptor in DataProtection light-up (#117)

2017-11-01 10:14:50 -07:00 · 2017-11-01 10:14:50 -07:00 · c998d74e1d
parent 2143ef49c2
commit c998d74e1d
2 changed files with 33 additions and 1 deletions
--- a/sample/AzureAppServicesHostingStartupSample/Startup.cs
+++ b/sample/AzureAppServicesHostingStartupSample/Startup.cs
@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
@ -12,6 +13,7 @@ namespace IISSample
    {
        public void ConfigureServices(IServiceCollection services)
        {
+            services.AddDataProtection();
        }

        public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
@ -60,6 +62,13 @@ namespace IISSample
                    await context.Response.WriteAsync(key + ": " + value + Environment.NewLine);
                }
                await context.Response.WriteAsync(Environment.NewLine);
+
+                var protectorProvider = context.RequestServices.GetService<IDataProtectionProvider>();
+                var protector = protectorProvider.CreateProtector("Purpose");
+
+                await context.Response.WriteAsync("Protected Query: " + protector.Protect(context.Request.QueryString.Value) + Environment.NewLine);
+                await context.Response.WriteAsync(Environment.NewLine);
+
            });
        }

--- a/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
+++ b/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

+using System;
+using System.IO;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Azure.KeyVault;
@ -59,7 +61,28 @@ namespace Microsoft.AspNetCore.AzureKeyVault.HostingStartup

        internal virtual void AddDataProtection(IServiceCollection serviceCollection, KeyVaultClient client, string protectionKey)
        {
-            serviceCollection.AddDataProtection().ProtectKeysWithAzureKeyVault(client, protectionKey);
+            // Duplicates functionality from GetKeyStorageDirectoryForAzureWebSites in DataProtection
+            // to detect key storage location when running on Azure
+            // because you are not alowed to set IXmlEncryptor without setting IXmlRepository
+
+            // Check that we are running in Azure AppServices
+            var siteId = Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID");
+            if (string.IsNullOrWhiteSpace(siteId))
+            {
+                return;
+            }
+
+            var home = Environment.GetEnvironmentVariable("HOME");
+            if (string.IsNullOrWhiteSpace(home))
+            {
+                return;
+            }
+
+            var keyLocation = new DirectoryInfo(Path.Combine(home, "ASP.NET", "DataProtection-Keys"));
+
+            serviceCollection.AddDataProtection()
+                .ProtectKeysWithAzureKeyVault(client, protectionKey)
+                .PersistKeysToFileSystem(keyLocation);
        }

        internal virtual void AddConfiguration(IConfigurationBuilder configurationBuilder, KeyVaultClient client, string keyVault)