daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
AspNetCore.Docs/aspnetcore/security/gdpr.md

3.7 KiB
Raw Blame History

title author description ms.author ms.custom ms.date uid
General Data Protection Regulation (GDPR) support in ASP.NET Core rick-anderson Learn how to access the GDPR extension points in an ASP.NET Core web app. riande mvc 07/11/2019 security/gdpr

EU General Data Protection Regulation (GDPR) support in ASP.NET Core

By Rick Anderson

ASP.NET Core provides APIs and templates to help meet some of the EU General Data Protection Regulation (GDPR) requirements:

:::moniker range=">= aspnetcore-7.0"

  • The project templates include extension points and stubbed markup that you can replace with your privacy and cookie use policy.
  • The Pages/Privacy.cshtml page or Views/Home/Privacy.cshtml view provides a page to detail your site's privacy policy.

To enable the default cookie consent feature like that found in the ASP.NET Core 2.2 templates in a current ASP.NET Core template generated app, add the following highlighted code to Program.cs:

[!code-csharpMain]

In the preceding code, xref:Microsoft.AspNetCore.Builder.CookiePolicyOptions and xref:Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy%2A are used.

  • Add the cookie consent partial to the _Layout.cshtml file:

    [!code-cshtmlMain]

  • Add the _CookieConsentPartial.cshtml file to the project:

    [!code-cshtmlMain]

  • Select the ASP.NET Core 2.2 version of this article to read about the cookie consent feature.

Customize the cookie consent value

Specify the value used to track if the user consented to the cookie use policy using the CookiePolicyOptions.ConsentCookieValue property:

[!code-csharpMain]

Encryption at rest

Some databases and storage mechanisms allow for encryption at rest. Encryption at rest:

  • Encrypts stored data automatically.
  • Encrypts without configuration, programming, or other work for the software that accesses the data.
  • Is the easiest and safest option.
  • Allows the database to manage keys and encryption.

For example:

For databases that don't provide built-in encryption at rest, you may be able to use disk encryption to provide the same protection. For example:

Additional resources

:::moniker-end

[!INCLUDE] [!INCLUDE] [!INCLUDE]