---
title: General Data Protection Regulation (GDPR) support in ASP.NET Core
author: tdykstra
description: Learn how to access the GDPR extension points in an ASP.NET Core web app.
ms.author: tdykstra
ms.custom: mvc
ms.date: 07/11/2019
uid: security/gdpr
---

# EU General Data Protection Regulation (GDPR) support in ASP.NET Core

By [Rick Anderson](https://twitter.com/RickAndMSFT)

ASP.NET Core provides APIs and templates to help meet some of the [EU General Data Protection Regulation (GDPR)](https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en) requirements:

:::moniker range=">= aspnetcore-7.0"

* The project templates include extension points and stubbed markup that you can replace with your privacy and cookie use policy.
* The `Pages/Privacy.cshtml` page or `Views/Home/Privacy.cshtml` view provides a page to detail your site's privacy policy.

To enable the default cookie consent feature, like that found in the ASP.NET Core 2.2 templates, in an app generated from a current ASP.NET Core template, add the following highlighted code to `Program.cs`:

[!code-csharp[Main](~/security/gdpr/sample/RP6.0/WebGDPR/Program.cs?name=snippet_1&highlight=4-11,23)]

In the preceding code, <xref:Microsoft.AspNetCore.Builder.CookiePolicyOptions> and <xref:Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy%2A> are used.

* Add the cookie consent partial to the `_Layout.cshtml` file:

  [!code-cshtml[Main](~/security/gdpr/sample/RP6.0/WebGDPR/Pages/Shared/_Layout.cshtml?name=snippet&highlight=4)]

* Add the `_CookieConsentPartial.cshtml` file to the project:

  [!code-cshtml[Main](~/security/gdpr/sample/RP6.0/WebGDPR/Pages/Shared/_CookieConsentPartial.cshtml)]

* Select the ASP.NET Core [2.2 version](xref:security/gdpr?view=aspnetcore-2.2&preserve-view=true) of this article to read about the cookie consent feature.

## Customize the cookie consent value

Use the [`CookiePolicyOptions.ConsentCookieValue`](/dotnet/api/microsoft.aspnetcore.builder.cookiepolicyoptions.consentcookievalue) property to specify the value used to track whether the user consented to the cookie use policy:

[!code-csharp[Main](~/security/gdpr/sample/RP6.0/WebGDPR/Program.cs?name=snippet_2&highlight=8)]

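
The consent gate described in this article, as an added example that is not the sample file the article references: a minimal `Program.cs` in which a non-essential cookie is withheld until consent is granted, while a cookie marked essential is always written. The endpoint routes, the cookie names, and the `"true"` consent value are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Http.Features;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<CookiePolicyOptions>(options =>
{
    // Require consent on every request; until it is granted, the cookie
    // policy middleware drops cookies that are not marked essential.
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
    // Value stored in the consent cookie (constructed sample value).
    options.ConsentCookieValue = "true";
});

var app = builder.Build();

// Must run before any middleware or endpoint that writes cookies.
app.UseCookiePolicy();

// Hypothetical endpoint: writes one non-essential and one essential cookie.
app.MapGet("/", (HttpContext http) =>
{
    var consent = http.Features.Get<ITrackingConsentFeature>();

    // Suppressed by the middleware while consent has not been granted.
    http.Response.Cookies.Append("analytics_id", Guid.NewGuid().ToString());

    // Always written: IsEssential bypasses the consent check.
    http.Response.Cookies.Append("ui_lang", "en",
        new CookieOptions { IsEssential = true });

    return Results.Text($"CanTrack={consent?.CanTrack}");
});

// Hypothetical endpoints that a consent banner would call.
app.MapPost("/consent/grant", (HttpContext http) =>
{
    http.Features.Get<ITrackingConsentFeature>()?.GrantConsent();
    return Results.NoContent();
});

app.MapPost("/consent/withdraw", (HttpContext http) =>
{
    http.Features.Get<ITrackingConsentFeature>()?.WithdrawConsent();
    return Results.NoContent();
});

app.Run();
```

To verify the gate, inspect the `Set-Cookie` response headers on `/` before and after calling `/consent/grant`: `analytics_id` should appear only after consent.
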
## Encryption at rest

Some databases and storage mechanisms allow for encryption at rest. Encryption at rest:

* Encrypts stored data automatically.
* Encrypts without configuration, programming, or other work for the software that accesses the data.
* Is the easiest and safest option.
* Allows the database to manage keys and encryption.

For example:

* Microsoft SQL and Azure SQL provide [Transparent Data Encryption](/sql/relational-databases/security/encryption/transparent-data-encryption) (TDE).
* [SQL Azure encrypts the database by default](https://azure.microsoft.com/updates/newly-created-azure-sql-databases-encrypted-by-default/).
* [Azure Blobs, Files, Table, and Queue Storage are encrypted by default](https://azure.microsoft.com/blog/announcing-default-encryption-for-azure-blobs-files-table-and-queue-storage/).

For databases that don't provide built-in encryption at rest, you may be able to use disk encryption to provide the same protection. For example:

* [BitLocker for Windows Server](/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server)
* Linux:
  * [eCryptfs](https://launchpad.net/ecryptfs)
  * [EncFS](https://github.com/vgough/encfs).

## Additional resources

* [Microsoft.com/GDPR](https://www.microsoft.com/trustcenter/Privacy/GDPR)

:::moniker-end

[!INCLUDE[](~//security/gdpr/includes/gdpr2.md)]
[!INCLUDE[](~//security/gdpr/includes/gdpr35.md)]
[!INCLUDE[](~//security/gdpr/includes/gdpr6.md)]