Use Azure Blob Storage for Data Protection keys on non-local deployments
When Storage:ConnectionString is configured (dev/staging servers), store Data Protection keys in Azure Blob Storage (dataprotection-dev/keys.xml) instead of the local filesystem. Local developer workstations without a storage connection string continue to use the filesystem fallback. Fixes UnauthorizedAccessException on the dev IIS server caused by the app pool identity not having permission to create the DataProtection-Keys directory after it was wiped during a deploy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -147,10 +147,22 @@ if (builder.Environment.IsProduction())
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
// Use Azure Blob Storage when the connection string is available (dev/staging servers).
|
||||||
|
// Fall back to local filesystem for developer workstations where storage isn't configured.
|
||||||
|
var devStorageConnStr = builder.Configuration["Storage:ConnectionString"];
|
||||||
|
if (!string.IsNullOrEmpty(devStorageConnStr))
|
||||||
|
{
|
||||||
|
builder.Services.AddDataProtection()
|
||||||
|
.PersistKeysToAzureBlobStorage(devStorageConnStr, "dataprotection-dev", "keys.xml")
|
||||||
|
.SetApplicationName("PowderCoatingApp");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
var keysPath = Path.Combine(builder.Environment.ContentRootPath, "DataProtection-Keys");
|
var keysPath = Path.Combine(builder.Environment.ContentRootPath, "DataProtection-Keys");
|
||||||
builder.Services.AddDataProtection()
|
builder.Services.AddDataProtection()
|
||||||
.PersistKeysToFileSystem(new DirectoryInfo(keysPath))
|
.PersistKeysToFileSystem(new DirectoryInfo(keysPath))
|
||||||
.SetApplicationName("PowderCoatingApp");
|
.SetApplicationName("PowderCoatingApp");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Configure Identity
|
// Configure Identity
|
||||||
|
|||||||
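Review bot: The new `.PersistKeysToAzureBlobStorage(devStorageConnStr, "dataprotection-dev", "keys.xml")` chain configures no key encryption at rest, so keys.xml holds the raw key material, and anyone who can read the container or who holds the connection string can decrypt and forge the app's auth cookies and antiforgery tokens. Add a protector to the chain, for example `.ProtectKeysWithAzureKeyVault(new Uri(keyIdentifier), new DefaultAzureCredential())` with `keyIdentifier` (a placeholder name) read from configuration, and keep the container private. The branch also sends every non-production environment that has a connection string to the same container and application name, so if dev and staging share a storage account they share one key ring; deriving the container name from `builder.Environment.EnvironmentName` would keep them apart. The `IsProduction()` branch lies outside the hunk, so whether production already encrypts its keys cannot be checked from here.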