Multiple dataprotection providers for migration/fallback


Is your feature request related to a problem? Please describe.

I’m not sure if this is possible at all since the documentation feels rather scarce when it comes to changes to the data protection stores, but we have 2 different migration issues here with changing Data Protection providers:

  1. We want to migrate our existing DataProtection keys from one data store to another, relying on the implementation itself to do the work of creating and storing the missing keys rather than us having to work out exactly how the format is different between providers.
  2. We’ve realised after the fact that we should have set the application name for the DataProtection config, since we now want to share the existing keys with multiple applications. Adding a name now seems to log out all users, which is really not a viable option on a consumer website (last time it happened, when we migrated from ASP.NET to Core, we were getting emails about a “bug” and forgotten password issues for months).

Describe the solution you’d like

If any of the above is already possible, it’d be ideal to include it in the documentation.

If it’s not already possible, ideally we’d like to see the following features:

  1. The ability to add multiple DataProtection key stores, with the expectation that the key stores have their keys reconciled (maybe have multiple ReconciliationStrategies, such as merge and override?) and maintained at a synchronised state.
  2. The ability to either add a new ApplicationName for data protection with the expectation that keys referring to the old name are migrated, or, similar to above, the ability to add multiple application names and have identical keys maintained for both names.
  3. Pertaining to #1, if there are already multiple key stores defined, the ability to use a synced key store for fallback might be a welcome addition in certain scenarios such as in the case of geo-replicated Kubernetes clusters, but this is really more of an optional idea if there are already multiple key stores anyway.

These could be either implemented via a new IKeyManager or IXmlRepository store, or implemented directly in the core of the data protection system. I can see pros on both sides of this issue.

Issue Analytics

  • State: open
  • Created: 3 years ago
  • Reactions: 2
  • Comments: 6 (4 by maintainers)

Top GitHub Comments

1 reaction
madelson commented, Apr 6, 2023

@GrabYourPitchforks regarding your suggested configuration approach, for creating the nested protector instances would you need to create nested instances in their own service containers?

I’m imagining something like this:

using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

// Build an isolated container that holds only the first data protection configuration.
ServiceCollection services1 = new();
services1.AddDataProtection(/* configuration 1 */);
ServiceProvider provider1 = services1.BuildServiceProvider();
IDataProtectionProvider dataProtectionProvider1 = (IDataProtectionProvider)provider1.GetRequiredService(typeof(IDataProtectionProvider));

// ... repeat for configuration 2 to obtain dataProtectionProvider2

// on the main application service collection
services.AddSingleton(typeof(IDataProtectionProvider), _ => new DelegatingDataProtectionProvider(dataProtectionProvider1, dataProtectionProvider2));

I might have expected to be able to use DataProtectionProvider.Create, but that method seems to limit your persistence/protection options.
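
One way the DelegatingDataProtectionProvider named in the comment above could be written, as an added example that is not code from the issue thread or from ASP.NET Core. It assumes the first provider is the new configuration and the second is the old one; the nested DelegatingProtector class name is hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// Hypothetical type: the name comes from the comment above, it is not a framework class.
public sealed class DelegatingDataProtectionProvider : IDataProtectionProvider
{
    private readonly IDataProtectionProvider _primary;   // assumed: new configuration
    private readonly IDataProtectionProvider _fallback;  // assumed: old configuration

    public DelegatingDataProtectionProvider(IDataProtectionProvider primary, IDataProtectionProvider fallback)
    {
        _primary = primary ?? throw new ArgumentNullException(nameof(primary));
        _fallback = fallback ?? throw new ArgumentNullException(nameof(fallback));
    }

    // Build the same purpose chain on both providers so payloads stay purpose-bound.
    public IDataProtector CreateProtector(string purpose) =>
        new DelegatingProtector(_primary.CreateProtector(purpose), _fallback.CreateProtector(purpose));

    private sealed class DelegatingProtector : IDataProtector
    {
        private readonly IDataProtector _primary;
        private readonly IDataProtector _fallback;

        public DelegatingProtector(IDataProtector primary, IDataProtector fallback)
        {
            _primary = primary;
            _fallback = fallback;
        }

        public IDataProtector CreateProtector(string purpose) =>
            new DelegatingProtector(_primary.CreateProtector(purpose), _fallback.CreateProtector(purpose));

        // New payloads are always written with the primary (new) configuration.
        public byte[] Protect(byte[] plaintext) => _primary.Protect(plaintext);

        public byte[] Unprotect(byte[] protectedData)
        {
            try
            {
                return _primary.Unprotect(protectedData);
            }
            catch (CryptographicException)
            {
                // The new configuration could not validate the payload: try the old one.
                // If that also fails, its CryptographicException propagates and the payload is rejected.
                return _fallback.Unprotect(protectedData);
            }
        }
    }
}
```

While the fallback is registered, payloads issued under the old configuration remain valid, so it should be removed once the longest-lived old payload (for example an authentication cookie) has expired.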

0 reactions
GrabYourPitchforks commented, Nov 9, 2020

enhancement seems like an appropriate label. The extensibility hooks to allow this already exist. If this is a common enough scenario then it’d be useful to provide a vetted implementation in-box.
