Race condition in clustered ASP.NET Core Key Storage provider #52
Comments
wpbrown
added
internals
|
SO question about this here: https://stackoverflow.com/questions/47693057/dataprotection-share-machine-key-between-multiple-applications |
|
@jtheisen Yea the race condition comment embedded in that question is exactly what I was on about here. Last time I looked at the code, it made no attempt to deal with a race. I think they've left it on the library user to designate a primary responsible for rotating keys and all others are readers. When deploying to a scale set like the domain joined ref arch, this would require leader election, and it all gets unnecessarily complex. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does the ASP.NET code actually do anything to deal with multiple processes attempting to create/rotate keys simultaneously?
https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers?view=aspnetcore-2.2
I think it does not:
https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-2.2#disableautomatickeygeneration
The text was updated successfully, but these errors were encountered: