Skip to content

Latest commit

 

History

History
57 lines (37 loc) · 2.54 KB

File metadata and controls

57 lines (37 loc) · 2.54 KB

DistributedCache extensions for Data Protection Build status

This contains two simple classes:

  • DistributedCache DataProtection Provider
  • DistributedCache PropertiesDataFormat

DataProtection Provider

When having a distributed and stateless ASP.NET Core web server, you need to have your Data Protection keys saved to a location to be shared among your servers.

The default providers that the ASP.NET Core team provides are here

I was just going to use Redis but the implementation is hard-coded to Redis. I'm already using the DistributedCache Redis provider, so why not just link in to that? I don't need to configure two different things now.

Usage

 services.AddDataProtection()
                .PersistKeysToDistributedCache();

Boom, now if you're using IDistributedCache you now persist your generated DataProtection keys there.

DistributedCache PropertiesDataFormat

Another issue is that the state on the URL can used for Authentication can be large. Why not use cache?

This is inspired and mostly copied from: IdentityServer/IdentityServer4#407

Usage

Useful for any Authentication middleware. You need to hook it into the AuthenticationOptions for your protocol like so:

I'm using CAS Authentication

 var dataProtectionProvider = app.ApplicationServices.GetRequiredService<IDataProtectionProvider>();
 var distributedCache = app.ApplicationServices.GetRequiredService<IDistributedCache>();

 var dataProtector = dataProtectionProvider.CreateProtector(
            typeof(CasAuthenticationMiddleware).FullName,
            typeof(string).FullName, schemeName,
            "v1");

//TODO: think of a better way to create
var dataFormat = new DistributedPropertiesDataFormat(distributedCache, dataProtector);

...

 app.UseCasAuthentication(x =>
            {
                x.StateDataFormat = dataFormat;
                ...
            };

OpenId and OAuth have StateDataFormat in their options. I'm sure others do too.