From 8959b8b6aca6af6511f0d815aad15afece2c4648 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Tue, 29 Oct 2024 15:16:27 -0700 Subject: [PATCH 1/2] sfi updates --- aspnetcore/migration/identity.md | 5 ++++- .../migration/proper-to-2x/membership-to-core-identity.md | 3 +++ aspnetcore/security/app-secrets.md | 3 ++- aspnetcore/security/app-secrets/includes/app-secrets-3-5.md | 4 +++- .../security/authentication/customize-identity-model.md | 5 ++++- .../includes/identity-api-authorization3-7.md | 5 +++++ .../authentication/identity-custom-storage-providers.md | 5 ++++- aspnetcore/security/authentication/mfa.md | 5 ++++- aspnetcore/security/authentication/mfa/includes/mfa-5-8.md | 4 ++++ .../data-protection/implementation/key-storage-providers.md | 2 ++ aspnetcore/security/key-vault-configuration.md | 1 + 11 files changed, 36 insertions(+), 6 deletions(-) diff --git a/aspnetcore/migration/identity.md b/aspnetcore/migration/identity.md index 27bf2e9ab5bd..21d87305a517 100644 --- a/aspnetcore/migration/identity.md +++ b/aspnetcore/migration/identity.md @@ -3,9 +3,10 @@ title: Migrate Authentication and Identity to ASP.NET Core author: ardalis description: Learn how to migrate authentication and identity from an ASP.NET MVC project to an ASP.NET Core MVC project. ms.author: riande -ms.date: 3/22/2020 +ms.date: 10/29/2024 uid: migration/identity --- + # Migrate Authentication and Identity to ASP.NET Core By [Steve Smith](https://ardalis.com/) @@ -22,6 +23,8 @@ Install the following NuGet packages: * `Microsoft.AspNetCore.Authentication.Cookies` * `Microsoft.EntityFrameworkCore.SqlServer` +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + In `Startup.cs`, update the `Startup.ConfigureServices` method to use Entity Framework and Identity services: ```csharp diff --git a/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md b/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md index c873f2e507c8..02cbb9ada3c4 100644 --- a/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md +++ b/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md @@ -7,6 +7,7 @@ ms.custom: mvc ms.date: 01/10/2019 uid: migration/proper-to-2x/membership-to-core-identity --- + # Migrate from ASP.NET Membership authentication to ASP.NET Core 2.0 Identity By [Isaac Levin](https://isaaclevin.com) @@ -49,6 +50,8 @@ The fastest way to view the schema for ASP.NET Core 2.0 Identity is to create a } ``` +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + 1. Select **View** > **SQL Server Object Explorer**. Expand the node corresponding to the database name specified in the `ConnectionStrings:DefaultConnection` property of `appsettings.json`. The `Update-Database` command created the database specified with the schema and any data needed for app initialization. The following image depicts the table structure that's created with the preceding steps. diff --git a/aspnetcore/security/app-secrets.md b/aspnetcore/security/app-secrets.md index 4a1da3fc5317..b867db7ac60f 100644 --- a/aspnetcore/security/app-secrets.md +++ b/aspnetcore/security/app-secrets.md @@ -5,9 +5,10 @@ description: Learn how to store and retrieve sensitive information during the de ms.author: tdykstra monikerRange: '>= aspnetcore-3.0' ms.custom: mvc -ms.date: 02/23/2024 +ms.date: 10/29/2024 uid: security/app-secrets --- + # Safe storage of app secrets in development in ASP.NET Core [!INCLUDE[](~/includes/not-latest-version.md)] diff --git a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md index 6a3e11b2d961..2f6e57111814 100644 --- a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md +++ b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md @@ -1,11 +1,13 @@ :::moniker range="< aspnetcore-6.0" + By [Rick Anderson](https://twitter.com/RickAndMSFT), [Kirk Larkin](https://twitter.com/serpent5), [Daniel Roth](https://github.com/danroth27), and [Scott Addie](https://github.com/scottaddie) [View or download sample code](https://github.com/dotnet/AspNetCore.Docs/tree/main/aspnetcore/security/app-secrets/samples) ([how to download](xref:index#how-to-download-a-sample)) -This document explains how to manage sensitive data for an ASP.NET Core app on a development machine. Never store passwords or other sensitive data in source code. Production secrets shouldn't be used for development or test. Secrets shouldn't be deployed with the app. Instead, production secrets should be accessed through a controlled means like environment variables or Azure Key Vault. You can store and protect Azure test and production secrets with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration). +This article explains how to manage sensitive data for an ASP.NET Core app on a development machine. Never store passwords or other sensitive data in source code or configuration files. Production secrets shouldn't be used for development or test. Secrets shouldn't be deployed with the app. Production secrets should be accessed through a controlled means like Azure Key Vault. Azure test and production secrets can be stored and protected with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration). +For more information on authentication for test and production environments, see [Secure authentication flows](xref:security/index#secure-authentication-flows). ## Environment variables Environment variables are used to avoid storage of app secrets in code or in local configuration files. Environment variables override configuration values for all previously specified configuration sources. diff --git a/aspnetcore/security/authentication/customize-identity-model.md b/aspnetcore/security/authentication/customize-identity-model.md index 7338935098cb..eddaa6e2d014 100644 --- a/aspnetcore/security/authentication/customize-identity-model.md +++ b/aspnetcore/security/authentication/customize-identity-model.md @@ -3,9 +3,10 @@ title: Identity model customization in ASP.NET Core author: ajcvickers description: This article describes how to customize the underlying Entity Framework Core data model for ASP.NET Core Identity. ms.author: avickers -ms.date: 07/01/2019 +ms.date: 10/29/2024 uid: security/authentication/customize_identity_model --- + # Identity model customization in ASP.NET Core By [Arthur Vickers](https://github.com/ajcvickers) @@ -887,6 +888,8 @@ services Refer to the preceding examples for guidance on adding navigation properties to the entity types. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Additional resources * diff --git a/aspnetcore/security/authentication/identity-api-authorization/includes/identity-api-authorization3-7.md b/aspnetcore/security/authentication/identity-api-authorization/includes/identity-api-authorization3-7.md index 41b0b0bd43dc..1649260e95c9 100644 --- a/aspnetcore/security/authentication/identity-api-authorization/includes/identity-api-authorization3-7.md +++ b/aspnetcore/security/authentication/identity-api-authorization/includes/identity-api-authorization3-7.md @@ -1,4 +1,5 @@ :::moniker range=">= aspnetcore-6.0 < aspnetcore-8.0" + The ASP.NET Core templates offer authentication in Single Page Apps (SPAs) using the support for API authorization. ASP.NET Core Identity for authenticating and storing users is combined with [Duende Identity Server](https://docs.duendesoftware.com) for implementing OpenID Connect. @@ -76,6 +77,8 @@ The preceding code configures: app.UseIdentityServer(); ``` +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ### Azure App Service on Linux For Azure App Service deployments on Linux, specify the issuer explicitly: @@ -484,6 +487,8 @@ The `Startup` class has the following additions: app.UseIdentityServer(); ``` +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ### Azure App Service on Linux For Azure App Service deployments on Linux, specify the issuer explicitly in `Startup.ConfigureServices`: diff --git a/aspnetcore/security/authentication/identity-custom-storage-providers.md b/aspnetcore/security/authentication/identity-custom-storage-providers.md index c6fe0bbf35d4..49d2cdd0ed98 100644 --- a/aspnetcore/security/authentication/identity-custom-storage-providers.md +++ b/aspnetcore/security/authentication/identity-custom-storage-providers.md @@ -4,9 +4,10 @@ author: ardalis description: Learn how to configure custom storage providers for ASP.NET Core Identity. ms.author: riande ms.custom: mvc -ms.date: 07/23/2019 +ms.date: 10/29/2024 uid: security/authentication/identity-custom-storage-providers --- + # Custom storage providers for ASP.NET Core Identity By [Steve Smith](https://ardalis.com/) @@ -207,6 +208,8 @@ Once you have implemented a storage provider, you configure your app to use it. 1. If you are using Roles, update the `RoleManager` to use your `RoleStore` class. 1. Update the connection string and credentials to your app's configuration. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + Example: :::moniker range="< aspnetcore-6.0" diff --git a/aspnetcore/security/authentication/mfa.md b/aspnetcore/security/authentication/mfa.md index 6d6e7153411a..e888ea877ae6 100644 --- a/aspnetcore/security/authentication/mfa.md +++ b/aspnetcore/security/authentication/mfa.md @@ -5,9 +5,10 @@ description: Learn how to set up multi-factor authentication (MFA) in an ASP.NET monikerRange: '>= aspnetcore-3.1' ms.author: riande ms.custom: mvc -ms.date: 04/02/2024 +ms.date: 10/29/2024 uid: security/authentication/mfa --- + # Multi-factor authentication in ASP.NET Core [!INCLUDE[](~/includes/not-latest-version.md)] @@ -73,6 +74,8 @@ MFA could be forced on users to access sensitive pages within an ASP.NET Core Id The demo code is setup using ASP.NET Core with Identity and Razor Pages. The `AddIdentity` method is used instead of `AddDefaultIdentity` one, so an `IUserClaimsPrincipalFactory` implementation can be used to add claims to the identity after a successful login. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ```csharp builder.Services.AddDbContext(options => options.UseSqlite( diff --git a/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md b/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md index 747c6ac65ce3..11b35bb1650d 100644 --- a/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md +++ b/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md @@ -59,6 +59,8 @@ MFA could be forced on users to access sensitive pages within an ASP.NET Core Id The demo code is setup using ASP.NET Core with Identity and Razor Pages. The `AddIdentity` method is used instead of `AddDefaultIdentity` one, so an `IUserClaimsPrincipalFactory` implementation can be used to add claims to the identity after a successful login. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ```csharp builder.Services.AddDbContext(options => options.UseSqlite( @@ -561,6 +563,8 @@ MFA could be forced on users to access sensitive pages within an ASP.NET Core Id The demo code is setup using ASP.NET Core with Identity and Razor Pages. The `AddIdentity` method is used instead of `AddDefaultIdentity` one, so an `IUserClaimsPrincipalFactory` implementation can be used to add claims to the identity after a successful login. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ```csharp public void ConfigureServices(IServiceCollection services) { diff --git a/aspnetcore/security/data-protection/implementation/key-storage-providers.md b/aspnetcore/security/data-protection/implementation/key-storage-providers.md index 3b588eac6928..4500dc2bfdba 100644 --- a/aspnetcore/security/data-protection/implementation/key-storage-providers.md +++ b/aspnetcore/security/data-protection/implementation/key-storage-providers.md @@ -43,6 +43,8 @@ public void ConfigureServices(IServiceCollection services) If the web app is running as an Azure service, connection string can be used to authenticate to Azure storage by using [Azure.Storage.Blobs](xref:Azure.Storage.Blobs.BlobContainerClient). +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ```csharp string connectionString = ""; string containerName = "my-key-container"; diff --git a/aspnetcore/security/key-vault-configuration.md b/aspnetcore/security/key-vault-configuration.md index 5917f5921f2e..c60ae2bcb8d3 100644 --- a/aspnetcore/security/key-vault-configuration.md +++ b/aspnetcore/security/key-vault-configuration.md @@ -8,6 +8,7 @@ ms.custom: mvc, devx-track-azurecli ms.date: 01/07/2022 uid: security/key-vault-configuration --- + # Azure Key Vault configuration provider in ASP.NET Core :::moniker range=">= aspnetcore-6.0" From fdef5219cc3b1122c512e7872ff08c22c1d1af58 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Tue, 29 Oct 2024 19:06:33 -0700 Subject: [PATCH 2/2] update metadata --- .../migration/proper-to-2x/membership-to-core-identity.md | 2 +- .../data-protection/implementation/key-storage-providers.md | 3 ++- aspnetcore/security/key-vault-configuration.md | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md b/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md index 02cbb9ada3c4..1d8db1258980 100644 --- a/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md +++ b/aspnetcore/migration/proper-to-2x/membership-to-core-identity.md @@ -4,7 +4,7 @@ author: isaacrlevin description: Learn how to migrate existing ASP.NET apps using Membership authentication to ASP.NET Core 2.0 Identity. ms.author: wpickett ms.custom: mvc -ms.date: 01/10/2019 +ms.date: 10/29/2024 uid: migration/proper-to-2x/membership-to-core-identity --- diff --git a/aspnetcore/security/data-protection/implementation/key-storage-providers.md b/aspnetcore/security/data-protection/implementation/key-storage-providers.md index 4500dc2bfdba..b9e8c234a638 100644 --- a/aspnetcore/security/data-protection/implementation/key-storage-providers.md +++ b/aspnetcore/security/data-protection/implementation/key-storage-providers.md @@ -3,9 +3,10 @@ title: Key storage providers in ASP.NET Core author: rick-anderson description: Learn about key storage providers in ASP.NET Core and how to configure key storage locations. ms.author: riande -ms.date: 12/05/2019 +ms.date: 10/29/2024 uid: security/data-protection/implementation/key-storage-providers --- + # Key storage providers in ASP.NET Core The data protection system [employs a discovery mechanism by default](xref:security/data-protection/configuration/default-settings) to determine where cryptographic keys should be persisted. The developer can override the default discovery mechanism and manually specify the location. diff --git a/aspnetcore/security/key-vault-configuration.md b/aspnetcore/security/key-vault-configuration.md index c60ae2bcb8d3..e8caccb71464 100644 --- a/aspnetcore/security/key-vault-configuration.md +++ b/aspnetcore/security/key-vault-configuration.md @@ -5,7 +5,7 @@ description: Learn how to use the Azure Key Vault configuration provider to conf monikerRange: '>= aspnetcore-3.1' ms.author: tdykstra ms.custom: mvc, devx-track-azurecli -ms.date: 01/07/2022 +ms.date: 10/29/2024 uid: security/key-vault-configuration ---