From c998d74e1de26897dddaf3c2df7165341a4c0dbd Mon Sep 17 00:00:00 2001
From: Pavel Krymets
Date: Wed, 1 Nov 2017 10:14:50 -0700
Subject: [PATCH] Set XmlRepository whem setting encryptor in DataProtection light-up (#117)

---
 .../Startup.cs | 9 +++++++
 .../AzureKeyVaultHostingStartup.cs | 25 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/sample/AzureAppServicesHostingStartupSample/Startup.cs b/sample/AzureAppServicesHostingStartupSample/Startup.cs
index 84f5da1dad..0b4afdb3da 100644
--- a/sample/AzureAppServicesHostingStartupSample/Startup.cs
+++ b/sample/AzureAppServicesHostingStartupSample/Startup.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection;
@@ -12,6 +13,7 @@ namespace IISSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddDataProtection();
         }
 
         public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
@@ -60,6 +62,13 @@ namespace IISSample
                     await context.Response.WriteAsync(key + ": " + value + Environment.NewLine);
                 }
                 await context.Response.WriteAsync(Environment.NewLine);
+
+                var protectorProvider = context.RequestServices.GetService();
+                var protector = protectorProvider.CreateProtector("Purpose");
+
+                await context.Response.WriteAsync("Protected Query: " + protector.Protect(context.Request.QueryString.Value) + Environment.NewLine);
+                await context.Response.WriteAsync(Environment.NewLine);
+
             });
         }
 
diff --git a/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs b/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
index e9c2766669..a8ca57cedd 100644
--- a/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
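Review bot: In the new handler body, `context.RequestServices.GetService()` is shown with no type argument — presumably `GetService<IDataProtectionProvider>()` with the generic lost in rendering — and because `GetService` returns null when nothing is registered, an app that forgets `AddDataProtection()` fails with a NullReferenceException at `CreateProtector` instead of a descriptive error. `var protectorProvider = context.RequestServices.GetRequiredService<IDataProtectionProvider>();` fails fast with an InvalidOperationException naming the missing service. `Protect` also throws on a null plaintext; whether `QueryString.Value` can be null here depends on the server, so `context.Request.QueryString.Value ?? string.Empty` is a cheap guard for a sample meant to run anywhere. The enclosing `app.Run` lambda starts outside the hunk.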
+++ b/src/Microsoft.AspNetCore.AzureAppServices.HostingStartup/AzureKeyVaultHostingStartup.cs
@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System;
+using System.IO;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Azure.KeyVault;
@@ -59,7 +61,28 @@ namespace Microsoft.AspNetCore.AzureKeyVault.HostingStartup
 
         internal virtual void AddDataProtection(IServiceCollection serviceCollection, KeyVaultClient client, string protectionKey)
         {
-            serviceCollection.AddDataProtection().ProtectKeysWithAzureKeyVault(client, protectionKey);
+            // Duplicates functionality from GetKeyStorageDirectoryForAzureWebSites in DataProtection
+            // to detect key storage location when running on Azure
+            // because you are not alowed to set IXmlEncryptor without setting IXmlRepository
+
+            // Check that we are running in Azure AppServices
+            var siteId = Environment.GetEnvironmentVariable("WEBSITE_INSTANCE_ID");
+            if (string.IsNullOrWhiteSpace(siteId))
+            {
+                return;
+            }
+
+            var home = Environment.GetEnvironmentVariable("HOME");
+            if (string.IsNullOrWhiteSpace(home))
+            {
+                return;
+            }
+
+            var keyLocation = new DirectoryInfo(Path.Combine(home, "ASP.NET", "DataProtection-Keys"));
+
+            serviceCollection.AddDataProtection()
+                .ProtectKeysWithAzureKeyVault(client, protectionKey)
+                .PersistKeysToFileSystem(keyLocation);
         }
 
         internal virtual void AddConfiguration(IConfigurationBuilder configurationBuilder, KeyVaultClient client, string keyVault)
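Review bot: The two early returns silently drop the entire Key Vault setup — the removed line applied `ProtectKeysWithAzureKeyVault` unconditionally, whereas now an unset `WEBSITE_INSTANCE_ID` or `HOME` leaves the key ring on Data Protection's defaults with no Key Vault encryption and no trace of why. Since this method is the control that encrypts keys at rest, the contract should at least be documented, e.g. a summary on the method: `/// Configures Data Protection with Key Vault key encryption and App Services file-system key storage. No-op when WEBSITE_INSTANCE_ID or HOME is unset, because an IXmlEncryptor cannot be set without an IXmlRepository.` If a logger is reachable from this class (not visible in the hunk), a warning on each bail-out path would make a misconfigured deployment diagnosable rather than quietly downgraded. Minor: the new comment misspells "allowed", and `siteId` holds an instance id, so `instanceId` reads truer to the variable it comes from.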