
DataProtection issue #1517

Open
kinkenakin opened this issue Dec 13, 2024 · 4 comments

Comments

@kinkenakin

Which version of Duende IdentityServer are you using?
Duende.IdentityServer.AspNetIdentity 7.0.4
Duende.IdentityServer.EntityFramework 7.0.4

Which version of .NET are you using?
.NET 8

Any idea why we keep getting this error? Take note that our licensing was set to expire in one month.
In the past 6 months we have had random outages during which we often see this kind of error.
We don't have any changes that relate to IdentityServer for almost a year, and this just appeared out of nowhere.

System.Security.Cryptography.CryptographicException: The key {a7505264-14e1-4ce5-8eeb-2e55dc6a7c5f} was not found in the key ring. For more information go to https://aka.ms/aspnet/dataprotectionwarning
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)
   at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String protectedData)
   at Duende.IdentityServer.Services.KeyManagement.DataProtectionKeyProtector.Unprotect(SerializedKey key) in //src/IdentityServer/Services/Default/KeyManagement/DataProtectionKeyProtector.cs:line 56
   at Duende.IdentityServer.Services.KeyManagement.KeyManager.b__20_0(SerializedKey x) in //src/IdentityServer/Services/Default/KeyManagement/KeyManager.cs:line 435

@StuFrankish

Hi @kinkenakin 👋

This error typically indicates an issue with how your Data Protection keys are managed and persisted.

Even if you haven’t changed your IdentityServer configuration recently, an improperly configured key ring (such as ephemeral or non-persisted keys) can cause these types of intermittent cryptographic errors.

Can you share with us a bit more about how data protection is enabled and configured for your instance of IdentityServer?

@kinkenakin

If you are talking about this?
Image

We don't have any configuration that pertains to this. It's a bit odd why this suddenly shows up, as we haven't performed major code changes to our IdentityServer since v4. It just so happened that we had to upgrade the version and subscribe to Duende as this is now the protocol to consume this.

How can we get rid of that ephemeral thing, and why is it happening? To give you some history: it rarely occurs, or happens only during a certain period of time, perhaps twice a month at 1pm PHST (UTC/GMT +8 hours).

Image

@kinkenakin

@StuFrankish may I kindly know if there is an update on this?

@StuFrankish

Hey @kinkenakin 👋

We don't have any configuration that pertains to this.

If you don't explicitly configure data protection within IdentityServer, i.e. you skip calling methods like AddDataProtection() and PersistKeysToFoo() (or any other form of key persistence), then the keys for data protection will be generated in-memory and not persisted anywhere, making them "ephemeral".

Ephemeral keys only last for the duration of the environment they're in, so when your host application restarts or is redeployed, these keys are lost and new ones are generated.

My own solution is hosted in Azure, so it uses blob storage and Azure KeyVault to store & protect the generated keys, meaning they persist between deployments and restarts.
For example:

// Requires the Azure.Extensions.AspNetCore.DataProtection.Blobs,
// Azure.Extensions.AspNetCore.DataProtection.Keys and Azure.Identity packages
using Azure.Identity;
using Microsoft.AspNetCore.DataProtection;

// Key identifier URI of the Key Vault key that wraps the key ring (placeholder; assumed to come from app settings)
var keyVaultUri = new Uri("<keyVaultKeyIdentifier-fromAppSettings>");

services
    .AddDataProtection()
    .SetApplicationName("MyHosted.App")   // isolates this app's key ring from other apps sharing the same store
    .PersistKeysToAzureBlobStorage(       // key ring XML lives in blob storage, so it survives restarts and redeploys
        connectionString: "<blobStorageConnectionString-fromAppSettings>",
        containerName: "myhostedapp-dpkeys",
        blobName: "app-dpkeys.xml"
    )
    .ProtectKeysWithAzureKeyVault(keyVaultUri, tokenCredential: new DefaultAzureCredential()); // keys at rest are wrapped by Key Vault

Managed Identity is also configured here, hence the DefaultAzureCredential().

Hope that helps ☺️
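The failure mode discussed in this thread, reproduced as an added example that is not code from the issue, from Duende IdentityServer or from Microsoft: two independent containers with ephemeral key rings cannot unprotect each other's payloads, which is exactly the "key {…} was not found in the key ring" exception the stack trace shows IdentityServer's KeyManager hitting when it unprotects its stored signing keys; two containers sharing a persisted key ring can. It is a stand-alone .NET 8 console program and assumes the Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection packages; the purpose string, application name and temp directory are hypothetical choices for the demo.

```csharp
// Added example (not from the issue thread or from Duende): ephemeral vs persisted key rings.
// Assumes packages Microsoft.AspNetCore.DataProtection and Microsoft.Extensions.DependencyInjection (net8.0).
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

static class DataProtectionDemo
{
    // Hypothetical purpose string; IdentityServer uses its own purpose for signing-key material.
    const string Purpose = "Demo.KeyManagement";

    // Builds an independent DI container, as two separate processes, pods or deployments of the same app would.
    static IDataProtector BuildProtector(Action<IDataProtectionBuilder> configure)
    {
        var services = new ServiceCollection();
        configure(services.AddDataProtection().SetApplicationName("MyHosted.App"));
        return services.BuildServiceProvider()
                       .GetRequiredService<IDataProtectionProvider>()
                       .CreateProtector(Purpose);
    }

    // True if a payload protected by 'writer' can be unprotected by 'reader'.
    // A key-ring mismatch surfaces as CryptographicException ("The key {...} was not found in the key ring").
    static bool RoundTrips(IDataProtector writer, IDataProtector reader, string plaintext)
    {
        string protectedData = writer.Protect(plaintext);
        try
        {
            return reader.Unprotect(protectedData) == plaintext;
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"  Unprotect failed: {ex.Message}");
            return false;
        }
    }

    static void Main()
    {
        const string secret = "signing-key-material";   // constructed sample payload

        // 1. Ephemeral key rings: each container mints its own key in memory and loses it on restart.
        //    UseEphemeralDataProtectionProvider() makes explicit what an unconfigured host silently
        //    falls back to when it cannot discover a key repository.
        Console.WriteLine("Ephemeral key ring (what an unconfigured host falls back to):");
        var ephemeralA = BuildProtector(b => b.UseEphemeralDataProtectionProvider());
        var ephemeralB = BuildProtector(b => b.UseEphemeralDataProtectionProvider());
        Console.WriteLine($"  same instance round-trips:  {RoundTrips(ephemeralA, ephemeralA, secret)}");
        Console.WriteLine($"  other instance round-trips: {RoundTrips(ephemeralA, ephemeralB, secret)}");

        // 2. Persisted key ring: both containers read the same key-ring store (a directory here; blob
        //    storage, Redis or a DbContext in production), so whatever one instance protects, another
        //    instance, or the same one after a restart, can unprotect.
        var keyDir = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "dp-keys-demo"));
        Console.WriteLine($"Persisted key ring in {keyDir.FullName}:");
        var persistedA = BuildProtector(b => b.PersistKeysToFileSystem(keyDir));
        var persistedB = BuildProtector(b => b.PersistKeysToFileSystem(keyDir));
        Console.WriteLine($"  other instance round-trips: {RoundTrips(persistedA, persistedB, secret)}");
    }
}
```

Run it once and the ephemeral cross-instance check fails with the same CryptographicException as in the stack trace, while the persisted one succeeds. The PersistKeysToFileSystem branch here stores the key ring unencrypted, which is fine for a local demo but not for production; pair the persistence call with ProtectKeysWithAzureKeyVault, ProtectKeysWithDpapi or ProtectKeysWithCertificate as in the Azure example above, and keep SetApplicationName identical across every instance that must share the ring.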
