diff --git a/aspnetcore/security/data-protection/includes/introduction7.md b/aspnetcore/security/data-protection/includes/introduction7.md index c1ac8db8d22d..2a4fca8045d1 100644 --- a/aspnetcore/security/data-protection/includes/introduction7.md +++ b/aspnetcore/security/data-protection/includes/introduction7.md @@ -89,6 +89,10 @@ The data protection stack consists of five packages: * [Microsoft.AspNetCore.Cryptography.KeyDerivation](https://www.nuget.org/packages/Microsoft.AspNetCore.Cryptography.KeyDerivation/) provides an implementation of the PBKDF2 password hashing routine and can be used by systems that must handle user passwords securely. For more information, see . +## Data consistency in Azure Container Apps +> [!WARNING] +> New functionality was introduced in AspNetCore 8.0 to automatically keep Data Protection keys synchronized across instances in [Azure Container Apps](/azure/container-apps/overview). That functionality is not present in .NET 7 and previous, but information about how to configure it manually can be found in . + ## Additional resources * diff --git a/aspnetcore/security/data-protection/introduction.md b/aspnetcore/security/data-protection/introduction.md index b46cc7ed647b..abc4f6a6027e 100644 --- a/aspnetcore/security/data-protection/introduction.md +++ b/aspnetcore/security/data-protection/introduction.md 
@@ -14,13 +14,25 @@ uid: security/data-protection/introduction ASP.NET Core provides a cryptographic API to protect data, including key management and rotation. -Web apps often need to store sensitive data. The Windows data protection API ([DPAPI](/dotnet/standard/security/how-to-use-data-protection)) isn't intended for use in web apps. +## Data protection introduction -The ASP.NET Core data protection stack was designed to: +Web apps often need to store sensitive data. For example, an app might store a user's authentication token in a cookie. The data protection system helps you protect this data. The system provides a simple, easy-to-use API for protecting and unprotecting data. -* Provide a built in solution for most Web scenarios. -* Address many of the deficiencies of the previous encryption system. -* Serve as the replacement for the `` element in ASP.NET 1.x - 4.x. +The ASP.NET Core data protection stack: + +* Was designed to provide a built in solution for most Web scenarios, including web farms and [Azure Container Apps](/azure/container-apps/overview). +* Is a robust and comprehensive framework designed to manage and secure app dataEnsures that sensitive information and keep it tamper-proof. +* Provides services for cryptographic operations such as: + + * Data encryption and decryption + * Digital signatures and key management + +### Key Features + +* Cryptographic security: The Data Protection API (DPAPI) in ASP.NET Core uses modern cryptographic algorithms to ensure data integrity and confidentiality. It supports encryption and decryption of data, making it secure from unauthorized access. +* Key nanagement: One of the core components of the Data Protection framework is its automatic key management system. Keys are stored securely and rotated regularly, minimizing the risk of key compromise. Developers can customize key storage and lifecycle to meet specific security requirements. 
+* Straight forward Integration: ASP.NET Core Data Protection can be integrated into existing apps. It provides a basic API for protecting data. The APIcan be used in various scenarios such as securing cookies, authentication tokens, and other sensitive data. +* Configurability: The framework is highly configurable, allowing developers to specify key storage locations, e.g., file system, Azure Key Vault, encryption algorithms, and other settings. This flexibility ensures that the Data Protection services can be tailored to fit the unique security needs of most apps. ## Problem statement @@ -103,6 +115,8 @@ The data protection stack consists of five packages: ## Additional resources +* [An introduction to the Data Protection system by Andrew Lock](https://andrewlock.net/an-introduction-to-the-data-protection-system-in-asp-net-core/) +* Data protection serves as the replacement for the `` element in ASP.NET 1.x - 4.x. * *
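Review bot: In the introduction7.md hunk (@@ -89,6 +89,10 @@), the added warning mixes product names: it says "AspNetCore 8.0" and then ".NET 7 and previous". Use one scheme, for example "ASP.NET Core 8.0" and ".NET 7 and earlier", to match the rest of the file. The sentence also ends with "can be found in ." and no link target is visible in the added line, so a reader on .NET 7 gets no pointer to the manual configuration; please confirm the reference resolves. Since this is a [!WARNING] block, consider adding one clause that says what the reader will observe when keys are not synchronized across instances.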
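Review bot: In the introduction.md hunk (@@ -14,13 +14,25 @@), the "Cryptographic security" bullet calls the ASP.NET Core system "The Data Protection API (DPAPI) in ASP.NET Core", while the same hunk deletes the sentence stating that the Windows data protection API (DPAPI) isn't intended for use in web apps. The removed line used DPAPI as the name of the Windows API, so the new wording conflates the two systems and drops the guidance against using DPAPI in web apps. Suggest removing "(DPAPI)" from the bullet and keeping the deleted sentence. Text defects on the added lines also need fixing: "manage and secure app dataEnsures that sensitive information and keep it tamper-proof" is two sentences fused together, "Key nanagement" should be "Key management", "The APIcan" is missing a space, and "Straight forward Integration" should read "Straightforward integration". The "### Key Features" heading is in title case while the neighbouring headings ("## Data protection introduction", "## Problem statement") use sentence case.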
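Review bot: In the introduction.md hunk (@@ -103,6 +115,8 @@), the second bullet added under "## Additional resources" is a statement rather than a resource: "Data protection serves as the replacement for the `` element in ASP.NET 1.x - 4.x." It was one of the design-goal bullets removed from the introduction by the earlier hunk in this file, and it reads out of place in a list of links. Suggest moving it back into the introduction. The inline code span that should carry the element name is empty in the lines as shown, so please check that the name survives rendering.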