I had an .Net Core 2.1 application (with Visual Studio 2017 / SQL Server 2016). I am in the security phase. I search a solution to respect the GDPR norm.
TDE (Transparent Data Encryption) was chosen to encrypt the database (AlwaysEncrypted was not yet available for .Net Core). But with TDE, we encrypt the only database, not the channel between my database and my application. I use Entity Framework Core to access my database.
Do you know how it's possible to encrypt the channel between my database and my application?
Related
I have an existing .NET Framework Web API currently in production which is in the process of being upgraded to .NET 6.
The application uses the built-in .NET Framework OWIN solution for generating tokens and handles the authorisation for the client_credential flow.
We have a couple of custom MySql tables that hold the ClientId, ClientSecret info and another for granted token requests, e.g. storing the OWIN ticket, scope details etc.
One limitation we have is that we are using EF Core 3.1.x which we cannot upgrade.
I want to build a solution so that:
existing active OWIN tokens in the database can still be used for
authorisation into the new .NET Core API using OpenIddict, once it goes live. (so
that the end users are not impacted)
I also want to be able to generate new tokens using OpenIddict and
store those tokens in the same existing MySql tables.
I don't know if this is possible and if so how to tackle it.
Has anyone here achieved a similar migration?
I've been searching the web like crazy for answers on how to use client certificates with an old asp .NET web form. We are building an Azure Key Vault and I can build an ASP .NET Core app and use client certificates no problem to access the key vault. But we also have some legacy websites here at my job and we don't have time to re-write these all so to start I can turn them into web applications because the only way to currently open them in Visual Studio is by opening VS going to File->Open->Web Site. I did a POC with one and while it took some time since I had to basically create a new web application then I copied the pages/code over to this web application. But I used ClientId/SecretID to access Azure Key Vault and this worked fine.
But we want to use client certificates and I'm at a loss as to how to do this with a webform. Everything I find on the web when I search is for ASP .NET Core or MVC, not .NET Framework 4.8 with aspx webforms.
These applications use global.asax and you can't use routing filters.
Is it even possible to use client certificates in webforms?
This is for an ASP.NET Core 3.1 Web API project. We have purely on-premise implementation, so Azure Keyvault is not an option.
What is the other (except Azure Keyvault) best way to protect sensitive data like ApiKey, database connection string etc.?
How to handle that in different environments like in Development, Test, UAT, and Production environment?
I have developed .net core 3.1 web api for encrypting and decrypting(using AesGCM technique),I want to host this application on 2 servers(has IIS) and there is load balancer infront of them.
So my question is does AesGCM algorithm relays on machine key? because i don't want to get into the situation that one machine encrypt and other machine won't be able to decrypt.
In the current implementation i tried adding machine key element in the web.config but there is no effect of it.
My other question is AesGCM is the best technique to go for encryption/decryption in .net core 3.1? need your suggestion?
I'm currently working on an Asp.net Core 2.1 MVC application. I would like to create the database using EF Core ( Entity Framework ). And I want to connect that database to Microsoft Azure cloud. And I heard that it's not possible or not that easy to connect the database, which is created using Entity Framework Core, to Azure cloud. Hence I had to create a JSON file instead. But I want to create a database using EF core and I want to know whether I will be able to connect it to Azure.