From a2d1199f486bd3a530dd87e8126fe9c68c0f7a80 Mon Sep 17 00:00:00 2001 From: Mark McGookin Date: Sun, 2 May 2021 17:43:06 +0100 Subject: [PATCH] Updated documentation to include PersistKeysToDbContext (#22003) * Updated documentation to include PersistKeysToDbContext in aspnetcore > security > data-protection > configuration > overview * fixed formatting * Update aspnetcore/security/data-protection/configuration/overview.md Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com> * Update aspnetcore/security/data-protection/configuration/overview.md Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com> Co-authored-by: Mark McGookin Co-authored-by: Rick Anderson <3605364+Rick-Anderson@users.noreply.github.com> --- .../data-protection/configuration/overview.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/aspnetcore/security/data-protection/configuration/overview.md b/aspnetcore/security/data-protection/configuration/overview.md index fbd623df46..fff79cb98f 100644 --- a/aspnetcore/security/data-protection/configuration/overview.md +++ b/aspnetcore/security/data-protection/configuration/overview.md 
@@ -96,6 +96,26 @@ public void ConfigureServices(IServiceCollection services) > [!WARNING] > If you change the key persistence location, the system no longer automatically encrypts keys at rest, since it doesn't know whether DPAPI is an appropriate encryption mechanism. +## PersistKeysToDbContext + +To store keys in a database using EntityFramework, configure the system with the [Microsoft.AspNetCore.DataProtection.EntityFrameworkCore](https://www.nuget.org/packages/Microsoft.AspNetCore.DataProtection.EntityFrameworkCore/) package: + +```csharp +public void ConfigureServices(IServiceCollection services) +{ + services.AddDataProtection() + .PersistKeysToDbContext() +} +``` + +The preceding code stores the keys in the configured database. The database context being used must implement `IDataProtectionKeyContext`. `IDataProtectionKeyContext` exposes the property `DataProtectionKeys` + +```csharp +public DbSet DataProtectionKeys { get; set; } +``` + +This property represents the table in which the keys are stored. Create the table manually or with `DbContext` Migrations. See for more information. + ## ProtectKeysWith\* You can configure the system to protect keys at rest by calling any of the [ProtectKeysWith\*](/dotnet/api/microsoft.aspnetcore.dataprotection.dataprotectionbuilderextensions) configuration APIs. Consider the example below, which stores keys on a UNC share and encrypts those keys at rest with a specific X.509 certificate:
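Review bot: The first C# sample in the new PersistKeysToDbContext section will not compile as written. The call `.PersistKeysToDbContext()` has no terminating semicolon and no context type argument, although the extension method is generic (`PersistKeysToDbContext<TContext>()`) and the paragraph after it says the context must implement `IDataProtectionKeyContext`. Suggest showing the call with a named context type and the semicolon. The second sample, `public DbSet DataProtectionKeys { get; set; }`, has the same problem: `DbSet` is left without its type argument. The sentence ending "exposes the property `DataProtectionKeys`" is missing its period, and "See for more information." has no link target. Because this section sits directly under the warning that changing the key persistence location turns off automatic encryption at rest, it should also state that keys written to the database table are stored unencrypted unless one of the ProtectKeysWith\* APIs described in the next section is configured, so readers know to restrict access to that table or add key encryption.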