Ephemeral data protection providers in ASP.NET Core
There are scenarios where an application needs a throwaway IDataProtectionProvider. For example, the developer might just be experimenting in a one-off console application, or the application itself is transient (it's scripted or a unit test project). To support these scenarios the Microsoft.AspNetCore.DataProtection package includes a type EphemeralDataProtectionProvider. This type provides a basic implementation of IDataProtectionProvider whose key repository is held solely in-memory and isn't written out to any backing store.

Each instance of EphemeralDataProtectionProvider uses its own unique primary key. Therefore, if an IDataProtector rooted at an EphemeralDataProtectionProvider generates a protected payload, that payload can only be unprotected by an equivalent IDataProtector (given the same purpose chain) rooted at the same EphemeralDataProtectionProvider instance.

The following sample demonstrates instantiating an EphemeralDataProtectionProvider and using it to protect and unprotect data.

    using System;
    using Microsoft.AspNetCore.DataProtection;

    public class Program
    {
        public static void Main(string[] args)
        {
            const string purpose = "Ephemeral.App.v1";

            // create an ephemeral provider and demonstrate that it can round-trip a payload
            var provider = new EphemeralDataProtectionProvider();
            var protector = provider.CreateProtector(purpose);
            Console.Write("Enter input: ");
            string input = Console.ReadLine();

            // protect the payload
            string protectedPayload = protector.Protect(input);
            Console.WriteLine($"Protect returned: {protectedPayload}");

            // unprotect the payload
            string unprotectedPayload = protector.Unprotect(protectedPayload);
            Console.WriteLine($"Unprotect returned: {unprotectedPayload}");

            // if I create a new ephemeral provider, it won't be able to unprotect existing
            // payloads, even if I specify the same purpose
            provider = new EphemeralDataProtectionProvider();
            protector = provider.CreateProtector(purpose);
            unprotectedPayload = protector.Unprotect(protectedPayload); // THROWS
        }
    }

    /*
     * SAMPLE OUTPUT
     *
     * Enter input: Hello!
     * Protect returned: CfDJ8AAAAAAAAAAAAAAAAAAAAA...uGoxWLjGKtm1SkNACQ
     * Unprotect returned: Hello!
     * << throws CryptographicException >>
     */
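
The scoping rule described above (same purpose chain and same provider instance) can be checked case by case. The following is an added example, not part of the original sample; the class name, the CanUnprotect helper, the "tokens" sub-purpose and the sample value are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

public static class EphemeralScopeDemo
{
    // Hypothetical helper: reports whether 'protector' accepts 'payload'
    // instead of letting the CryptographicException propagate.
    static bool CanUnprotect(IDataProtector protector, string payload)
    {
        try
        {
            protector.Unprotect(payload);
            return true;
        }
        catch (CryptographicException)
        {
            return false;
        }
    }

    public static void Main()
    {
        // Constructed purpose strings, for illustration only.
        const string purpose = "Ephemeral.App.v1";
        const string subPurpose = "tokens";

        // Two instances, each with its own in-memory primary key.
        var providerA = new EphemeralDataProtectionProvider();
        var providerB = new EphemeralDataProtectionProvider();

        // Protect under the purpose chain [purpose, subPurpose], rooted at providerA.
        string payload = providerA.CreateProtector(purpose)
                                  .CreateProtector(subPurpose)
                                  .Protect("constructed sample value");

        // Case 1: same instance, same purpose chain, protector created separately.
        var sameChain = providerA.CreateProtector(purpose, subPurpose);
        Console.WriteLine($"same instance, same chain:      {CanUnprotect(sameChain, payload)}");

        // Case 2: same instance, but the chain stops at the first purpose.
        var shortChain = providerA.CreateProtector(purpose);
        Console.WriteLine($"same instance, different chain: {CanUnprotect(shortChain, payload)}");

        // Case 3: identical purpose chain, but rooted at a different instance.
        var otherRoot = providerB.CreateProtector(purpose, subPurpose);
        Console.WriteLine($"different instance, same chain: {CanUnprotect(otherRoot, payload)}");
    }
}
```

Because the key exists only in the memory of the provider instance, a payload produced this way also cannot be unprotected after the process exits, so anything that must outlive the process needs a provider with a persisted key repository.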