asp.net-core .net-core asp.net-identity .net-5

How to use ProtectedPersonalData attribute


I found the attribute class, ProtectedPersonalData (link), of ASP.NET Core Identity framework, but I can't seem to find any documentation on how to use it. The documentation only says: Used to indicate that a something is considered personal data and should be protected.

In the end, I was able to encrypt the Identity User class fields (link) (e.g. email field), but not any property of an Identity User inheriting class.

public class ApplicationUser : IdentityUser {
    [ProtectedPersonalData]
    public string MyProperty { get; set; }
}

I added this to the Identity Config:

services.AddDefaultIdentity<ApplicationUser>(options => {
        options.Stores.ProtectPersonalData = true;
    })
    .AddRoles<IdentityRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>();

Moreover, I implemented protector classes:

public class Lookup : ILookupProtector {
    public string Protect(string keyId, string data) {
        return new string(data?.Reverse().ToArray());
    }

    public string Unprotect(string keyId, string data) {
        return new string(data?.Reverse().ToArray());
    }
}

public class Protector : IPersonalDataProtector {
    public string Protect(string data) {
        return new string(data?.Reverse().ToArray());
    }

    public string Unprotect(string data) {
        return new string(data?.Reverse().ToArray());
    }
}

public class KeyRing : ILookupProtectorKeyRing {
    public string this[string keyId] => "key";

    public string CurrentKeyId => "key";

    public IEnumerable<string> GetAllKeyIds() {
        return new string[] { "key" };
    }
}

Is it possible to encrypt the MyProperty field? Please point me to information or provide some examples.

Update:

I noticed that the code never enters the Protect method for the property MyProperty.


Solution

  • You need to add a data annotation to the attribute qualifying it as PersonalData, like this:

    [ProtectedPersonalData]
    [PersonalData]
    public string Firstname { get; set; }
    
    [ProtectedPersonalData]
    [PersonalData]
    public string Lastname { get; set; }
    

    In order to activate the process, you need to register the services in your Startup.cs:

    // ProtectedData
    services.AddScoped<ILookupProtectorKeyRing, KeyRing>();
    services.AddScoped<ILookupProtector, LookupProtector>();
    services.AddScoped<IPersonalDataProtector, PersonalDataProtector>();
    

    Example Repository

    Here you can find an example repository with a project Blazor WASM with Microsoft Identity accounts and ProtectedData implementation.

    https://github.com/nbiada/protecteddata-wasm-example