Skip to content

a-h/AspNetCore.Antiforgery.Aes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits

src

src

 
 

tests/AspNetCore.Antiforgery.Aes.Tests

tests/AspNetCore.Antiforgery.Aes.Tests

 
 

.gitignore

.gitignore

 
 

AspNetCore.Antiforgery.Aes.sln

AspNetCore.Antiforgery.Aes.sln

 
 

LICENSE.md

LICENSE.md

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

Repository files navigation

AES Antiforgery

An alternative implementation of CSRF protection for ASP.Net MVC 6 which avoids the need to configure the Data Protection API (requires Redis or a UNC share), instead being able to pass in symmetric keys for the AES algorithm.

Usage

Use the default environment variables

export AES_CSRF_KEY=PoQ2zO0w8A/n8eXl3eoN2AQXYhSIyMXJW2QVTzJOVA4=
export AES_CSRF_IV=L3RrIxqIug+XVp9/fiV4AQ==
var logger = p.GetService<ILogger<AesAntiforgery>>();
var timeout = TimeSpan.FromHours(12);

services.AddScoped<IAntiforgery, AesAntiforgery>(p => 
        new AesAntiforgery(logger, timeout));

Or get the configuration yourself

var logger = p.GetService<ILogger<AesAntiforgery>>();
var key = Convert.FromBase64String("PoQ2zO0w8A/n8eXl3eoN2AQXYhSIyMXJW2QVTzJOVA4=");
var iv = Convert.FromBase64String("L3RrIxqIug+XVp9/fiV4AQ==");
var timeout = TimeSpan.FromHours(12);

services.AddScoped<IAntiforgery, AesAntiforgery>(p => 
        new AesAntiforgery(logger, key, iv, timeout));

Key generation

public static void Main()
{
    using (var aes = System.Security.Cryptography.Aes.Create())
    {
        Console.WriteLine("Key: " + Convert.ToBase64String(aes.Key));
        Console.WriteLine("IV: " + Convert.ToBase64String(aes.IV));
    }
}

About

An implementation of the IAntiforgery CSRF protection mechanism for dotnet core which avoids the data protection API

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages