I'm configuring my application to make use of AspNetCore.Identity as well as Data Protection.
/// <summary>
/// Application entry point: registers Identity API endpoints with personal-data
/// protection enabled, on top of ASP.NET Core Data Protection with a custom key repository.
/// </summary>
/// <param name="args">Command-line arguments forwarded to the host builder.</param>
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
builder.Services
.AddIdentityApiEndpoints<IdentityUser<Guid>>(options =>
{
// With this flag on, Identity passes personal-data fields through the
// ILookupProtector / ILookupProtectorKeyRing pair registered just below
// (the question text reports the username being protected on every login request).
options.Stores.ProtectPersonalData = true;
})
.AddPersonalDataProtection<LookupProtector, LookupProtectorKeyRing>();
builder.Services.AddDataProtection();
builder.Services.AddOptions<KeyManagementOptions>()
.Configure<IServiceScopeFactory>((options, factory) =>
{
// Replaces the default key storage for the Data Protection key ring.
// NOTE(review): keys stored here must survive restarts and deployments —
// a value protected with a key that has left the ring can no longer be unprotected.
options.XmlRepository = new CustomXmlRepository(factory);
});
// Remaining host configuration elided by the author.
...
}
When running the application I can register new users through the API without a problem; however, when I try to log in I always get a 401 - Unauthorized. While debugging I see that every time I send a new login request I hit the implementation of ILookupProtector, which protects the username so that the user manager can use it to retrieve the user record. However, the protected value is never the same, so the query to get the user returns nothing.
The current AspNetCore Identity documentation doesn't cover any information regarding the use of protected personal data.
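/// <summary>
/// Protects and unprotects Identity personal-data fields with ASP.NET Core Data Protection,
/// using <paramref name="keyId"/> (the key ring's current key id) as the protector purpose.
/// </summary>
/// <remarks>
/// NOTE(review): <c>IDataProtector.Protect</c> is authenticated encryption with a fresh random
/// nonce on every call, so the same plaintext produces a different ciphertext each time.
/// That is fine for fields that are only ever read back through <see cref="Unprotect"/>, but
/// it cannot serve fields Identity queries by equality (e.g. the normalized user name looked
/// up at login): the stored value will never match a freshly protected search key, which is
/// consistent with the 401 described above. Equality-lookup fields need a deterministic,
/// keyed transformation; this class does not provide one.
/// </remarks>
public class LookupProtector : ILookupProtector
{
    private readonly IDataProtectionProvider _dataProtectorProvider;

    /// <summary>Creates a protector backed by the given Data Protection provider.</summary>
    /// <param name="dataProtectorProvider">Provider used to create a purpose-scoped protector per key id.</param>
    /// <exception cref="ArgumentNullException"><paramref name="dataProtectorProvider"/> is <see langword="null"/>.</exception>
    public LookupProtector(IDataProtectionProvider dataProtectorProvider)
    {
        ArgumentNullException.ThrowIfNull(dataProtectorProvider);
        _dataProtectorProvider = dataProtectorProvider;
    }

    /// <summary>Protects <paramref name="data"/> under a protector scoped to <paramref name="keyId"/>.</summary>
    /// <param name="keyId">Key ring key id, used as the protector purpose.</param>
    /// <param name="data">Plaintext value; null or whitespace is returned unchanged.</param>
    /// <returns>The protected payload, or <paramref name="data"/> itself when it is null/whitespace.</returns>
    [return: NotNullIfNotNull("data")]
    public string? Protect(string keyId, string? data)
    {
        // Empty optional fields are stored as-is rather than as an encrypted empty string.
        if (string.IsNullOrWhiteSpace(data))
        {
            return data;
        }

        // Fix: the original referenced an undeclared `dataProtector`; use the injected provider.
        return _dataProtectorProvider.CreateProtector(keyId).Protect(data);
    }

    /// <summary>Reverses <see cref="Protect"/> for a value protected under <paramref name="keyId"/>.</summary>
    /// <param name="keyId">Key ring key id the value was protected with.</param>
    /// <param name="data">Protected payload; null or whitespace is returned unchanged.</param>
    /// <returns>The plaintext, or <paramref name="data"/> itself when it is null/whitespace.</returns>
    [return: NotNullIfNotNull("data")]
    public string? Unprotect(string keyId, string? data)
    {
        if (string.IsNullOrWhiteSpace(data))
        {
            return data;
        }

        // Unprotect validates the authentication tag; a tampered or foreign-key payload throws.
        return _dataProtectorProvider.CreateProtector(keyId).Unprotect(data);
    }
}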