spouliot/PowderCoatingLogix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Store Data Protection keys in SQL Server (non-production)

Browse Source 
Replaces the local filesystem path (which required IIS app pool write
access to inetpub\wwwroot\DataProtection-Keys) with SQL Server storage
via IDataProtectionKeyContext. Keys now survive deploys and IIS recycles
without any server-side folder permission setup.

Production continues to use Azure Blob Storage unchanged.

- Add Microsoft.AspNetCore.DataProtection.EntityFrameworkCore 8.0.11 to
  Web and Infrastructure projects
- ApplicationDbContext implements IDataProtectionKeyContext
- Migration AddDataProtectionKeys creates DataProtectionKeys table
- Program.cs: non-production path uses PersistKeysToDbContext

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Pouliot
2026-05-05 22:08:31 -04:00
parent c7a60a1fad
commit 713efbc2b6
7 changed files with 9635 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/PowderCoating.Infrastructure/Data/ApplicationDbContext.cs
+8 -1
View File
@@ -1,3 +1,4 @@
using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
@@ -25,7 +26,7 @@ namespace PowderCoating.Infrastructure.Data;
/// to repository methods) — reserved for SuperAdmin operations and document-number generation.
/// </para>
/// </summary>
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
public class ApplicationDbContext : IdentityDbContext<ApplicationUser>, IDataProtectionKeyContext
{
private readonly IHttpContextAccessor? _httpContextAccessor;
private readonly IServiceProvider? _serviceProvider;
@@ -371,6 +372,12 @@ public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
/// </summary>
public DbSet<PlatformSetting> PlatformSettings { get; set; }
/// <summary>
/// ASP.NET Core Data Protection key ring — required by <see cref="IDataProtectionKeyContext"/>.
/// Keys stored here survive deploys and IIS app pool recycles.
/// </summary>
public DbSet<DataProtectionKey> DataProtectionKeys { get; set; }
/// <summary>
/// IP address ban list. Login attempts from a matching active entry are rejected
/// before Identity even checks credentials. No tenant filter; SuperAdmin-managed only.