Azure Storage Blob Key Store for Microsoft.AspNetCore.DataProtection

The Azure.Extensions.AspNetCore.DataProtection.Blobs package allows storing ASP.NET Core DataProtection keys in Azure Blob Storage. Keys can be shared across several instances of a web app. Apps can share authentication cookies or CSRF protection across multiple servers.

Getting started

Install the package

Install the package with NuGet:

dotnet add package Azure.Extensions.AspNetCore.DataProtection.Blobs

Prerequisites

You need an Azure subscription, Storage Account and Storage Container to use this package.

To create a new Storage Account, you can use the Azure Portal, Azure PowerShell, or the Azure CLI. Here's an example using the Azure CLI:

az storage account create --name <storage-account> --resource-group <resource-group> --location westus --sku Standard_LRS
az storage container create --account-name <storage-account> -n <container>

# Give write access to a user
az role assignment create --role "Storage Blob Data Contributor" --assignee <your_email> --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>"

# OR give write access to a service principal (application)
az role assignment create --role "Storage Blob Data Contributor" --assignee-object-id <application_id> --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>"