• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Input ASP.NET Core Data Protection key store

Paul Hermans

Basic Pleskian
When hosting an ASP.NET Core application with Data Protection to encrypt and decrypt data, where do we store the key ring?

What are the options:
  1. Windows registry
  2. User profile (%LOCALAPPDATA%/ASP.NET/DataProtection-Keys)
  3. File system (i.e. C:\inetpub\vhosts\example.com\... )
Option 3 is the best option I think, this works with a default Plesk install, Keys will be backed up by Plesk Backup Manager and will be migrated when moving to another server etc.

But the documentation says the following:
"Use an X509 certificate to protect the key ring and ensure the certificate is a trusted certificate. If the certificate is self-signed, place the certificate in the Trusted Root store."

Where do we store this certificate? Plesk users do not have access to the Trusted Root store.

Link: Host ASP.NET Core on Windows with IIS
Link: Configure ASP.NET Core Data Protection

What do you think is the best way to protect the keys when using Plesk?
 
Back
Top