Reputation: 739
How to store machine key in .NET Core for encrypting / decrypting auth cookie
I have an MVC5 app which is acting as a single sign on portal by creating a cookie which can be read by other MVC apps. This works fine because I have aligned the machine keys and set the cookie domain.
I now need to add in a .NET Core app which needs to be able to read the auth cookie too.
I understand that the machine key is no longer stored in the web config in .NET Core apps, and instead are stored in a directory on the file system.
I followed Microsoft's tutorial on how to do this, but it doesn't seem to explain how the keys should be stored.
Does anybody know how to actually store the machine key value so that the DataProtectionProvider can access it?
Thanks
Upvotes: 0
Views: 1521
Answers (1)
Reputation: 739
So I was under the wrong impression that you added the key files yourself to the file system location passed to DataProtectionProvider.Create.
It turns out that the cookie encryption key is placed in that directory automatically by the app when it us used. So I'm guessing by pointing both apps to the same location (maybe with a bit of fiddling) then they should be able to share the auth cookie.
Upvotes: 1
Related Questions
- Using machine keys for IDataProtector - ASP.NET CORE
- How to implement machineKey in ASP.NET Core 2.0
- Decrypt ".AspNetCore.Session" cookie in ASP.NET Core
- DataProtection - Share machine key between multiple applications
- Machine key implementation in .NET Core 3.1
- How To Config MachineKey In Asp.Net Core In IIS Level
- ASP.NET Core 2.1 Cookie Persistence
- What is the recommended solution for user secrets storage in ASP.NET core in non-Azure production environment?
- Key encryption in ASP.NET Core
- How to gain access to Asp.Net Core encryption keys?