Praburaj
56cfbdde82
Fixing dataprotection on IIS
...
Fixes: https://github.com/aspnet/DataProtection/issues/73
On IIS where there is no user profile, the code always tries to read the 32-bit registry view irrespective of the bitness of the worker process. So in the case of 64-bit app pools the registry key is null, so it falls back to the in-memory ephemeral repository. On a 32-bit app pool it can find an appropriate registry key, but the keyRepositoryDescriptor is not populated, resulting in a null reference exception.
Current behavior:
X86 throws
X64 falls back to in memory ephemeral
With fix:
Both X86 and X64 will use DPAPI.
2015-04-01 13:02:09 -07:00
Levi B
d2def94712
Reliability: Tweak comparison in key revocation checks
2015-03-18 15:15:58 -07:00
Levi B
fd08325918
Skip registry checks on non-Windows platforms
2015-03-18 10:42:09 -07:00
Levi B
ca840d3711
Code cleanup in KeyDerivation
...
- Rename PRF members to be HMAC functions (which is technically correct)
- Use NotNullAttribute where possible
2015-03-17 22:03:43 -07:00
Levi B
271ec1bd4b
Move IApplicationDiscriminator to Infrastructure namespace
2015-03-17 20:56:58 -07:00
Levi B
22927ec289
Add simple file-based provider instantiation APIs
2015-03-17 15:36:58 -07:00
Levi B
84490846b6
Move time-limited data protector to Extensions project
2015-03-17 14:52:15 -07:00
Levi B
94233e76ff
Remove experimental .Azure project
2015-03-17 10:45:21 -07:00
Levi B
d673df7ef3
Reliability improvements to key ring updates
...
- Optimistically treat failures as transient and continue to use any existing cached key ring for a short period of time
- Updates to the key ring shouldn't block other threads; they can use the outdated version while waiting for the update
2015-03-17 00:46:24 -07:00
Levi B
612a81d9ce
Defer processing <key> descriptors until necessary
...
- Make CreateNewKey more robust against bad key repositories
- Don't hide key deserialization errors
2015-03-16 23:32:20 -07:00
Levi B
4365b531d8
Use C# 6 string interpolation feature
...
Provides cleanup in logging and removes calls to String.Format
2015-03-16 21:38:21 -07:00
Levi B
0966e37d94
Doc comment cleanup on GetApplicationUniqueIdentifier
2015-03-14 15:43:39 -07:00
Levi B
82d92064c5
Continued API improvements and refactoring
...
- Add helpful extension methods to Interfaces project
- Auto heuristic detection now writes default protection settings to the ILogger
- Cleanup dead methods / add useful methods in DataProtectionConfiguration
- Update System.Web compatibility project to allow mapping MachineKey.Protect directly to IDataProtector.Protect
2015-03-14 14:29:39 -07:00
Levi B
bf7283697d
Flow logging through the AuthenticatedEncryption types
2015-03-12 16:12:17 -07:00
Levi B
7fe33e8159
DataProtectionServices should prefer registry over defaults
...
Comment cleanup in CNG-GCM ExportToXml
2015-03-12 14:22:45 -07:00
Levi B
4f2288c3da
Introduce concept of a "fallback key"
...
This key is used if there is no preferred default key and the developer has disabled automatic key generation. This will keep the service from falling over if the keys are not rolled and they all expire.
2015-03-11 19:39:41 -07:00
Levi B
58c823bc45
Rename KeyLifetimeOptions -> KeyManagementOptions
...
Simplify default key resolution logic
Introduce API for disabling automatic key generation
2015-03-11 19:39:35 -07:00
N. Taylor Mullen
8c7a47fb00
Update .kproj => .xproj.
2015-03-11 14:05:01 -07:00
Levi B
bb1b49cc1c
Fix PoliCheck violations.
2015-03-10 23:40:39 -07:00
Levi B
e8cc1106d8
Significant refactorings throughout the data protection stack
...
- Move IDataProtectionProvider, IDataProtector, and extension methods to their own package
- Simplify the APIs for registering and configuring the system
- Default implementation now auto-detects capabilities of OS
- Use EncryptedXml for X.509 certificate-based encryption
- Add ability to escrow secret material upon key creation
- Use centralized system policy for default algorithm selection
- Simplify System.Web compatibility layer
- Add unit tests, logging, and doc comments throughout solution
2015-03-10 22:43:45 -07:00
N. Taylor Mullen
8f0b9a56b8
Remove BOM from project.json, *.cmd, *.sh and *.shade files.
2015-03-09 12:52:23 -07:00
N. Taylor Mullen
cb5e7d82f9
Update aspnet50/aspnetcore50 => dnx451/dnxcore50.
2015-03-08 12:48:15 -07:00
Brennan
88eb10dcfe
DI API changes
2015-03-05 14:21:35 -08:00
Hao Kung
32ff156923
React to DI changes, AddDataProtection no longer takes Config
2015-03-04 16:35:33 -08:00
Levi B
bf0f94ce20
Store reg keys in a different folder to mitigate impact of renaming changes
2015-02-26 23:46:02 -08:00
Levi B
e4db4b1189
Temporarily store keys in different folder to resolve issues caused by package renaming
2015-02-26 10:35:40 -08:00
Levi B
e2ca9fc652
Rename to Microsoft.AspNet.DataProtection
...
from Microsoft.AspNet.Security.DataProtection
2015-02-25 16:49:33 -08:00
Levi B
544c83812c
Add unit tests for WeakReferenceHelpers
...
Doc comment cleanup on IOptimizedAuthenticatedEncryptor
2015-02-24 18:19:31 -08:00
Levi B
ab18f52e98
Add CreateProtector convenience extension method
2015-02-24 17:48:29 -08:00
Levi B
6637cb264f
Split KeyDerivation into its own project
...
Move shared crypto code to a common project
2015-02-24 16:20:10 -08:00
Levi B
8ec6dc3712
Code cleanup
...
Rename IAuthenticatedEncryptor2 -> IOptimizedAuthenticatedEncryptor
Rename ProtectedMemoryBlob -> Secret
Add some missing doc comments explaining
2015-02-24 15:49:30 -08:00
Pranav K
71a2712c5a
Reacting to XDocument version change
2015-02-19 10:15:18 -08:00
Levi B
04e7bca8bf
Normalize .kproj files BOM and line endings
2015-01-20 13:49:29 -08:00
Pranav K
8136affef9
Updating exception filters to use when instead of if
2014-12-16 10:21:48 -08:00
Victor Hurdugaci
0c841f934e
Add schema version to kproj files
2014-11-25 10:36:04 -08:00
Hao Kung
f3e9381f16
GetServices -> AddDataProtection
2014-11-24 16:40:13 -08:00
Levi B
cce11ad2ae
Update .kproj files to follow modern conventions
2014-11-05 14:48:56 -08:00
David Fowler
e1a88b6503
Merge branch 'release' into dev
2014-10-31 03:04:33 -07:00
David Fowler
1768bfd25f
Added package descriptions
2014-10-31 03:00:59 -07:00
Levi B
fc4213b1f8
Reliability: Don't compile against 'experimental' language features.
...
This will help prevent Roslyn changes from breaking us.
2014-10-27 16:18:42 -07:00
Levi B
5899177af2
Merge branch 'release' into dev
2014-10-27 15:31:23 -07:00
Levi B
6797dfea48
Fix %APPDATA% detection logic.
2014-10-27 12:55:59 -07:00
Pranav K
f38e258f89
Removing unused references from project.json
2014-10-24 08:24:39 -07:00
Levi B
bd529b3b5b
Fix ManagedAuthenticatedEncryptor not round-tripping payloads properly.
2014-10-22 11:45:39 -07:00
Levi B
6e557dc193
Fix ManagedAuthenticatedEncryptor not round-tripping payloads correctly.
2014-10-21 15:39:48 -07:00
Levi B
76b76ba099
DataProtectionServices should use keys stored in HKLM auto-gen registry when running on IIS without user profile.
2014-10-20 14:54:43 -07:00
Levi B
ca95189a3b
Allow DpapiNGXmlEncryptor to get the current identity's SID on CoreCLR.
2014-10-20 13:43:03 -07:00
Levi B
8fc3607a68
Fix Win7 vs Win8 detection logic for SP800-108-CTR-HMACSHA512.
2014-10-17 11:34:29 -07:00
Stephen Halter
fd677047f4
Change GetService call to GetRequiredService
...
Remove the assertion that the returned service is not null, since the
GetRequiredService extension method will throw instead of ever
returning null.
2014-10-16 17:34:19 -07:00
Levi B
cd33cbfc8f
Add unit tests for CngAuthenticatedEncryptorBase, PBKDF2, and SP800_108-CTR-HMACSHA512.
2014-10-16 15:54:35 -07:00