Skip to content

Latest commit

 

History

History
73 lines (47 loc) · 3.67 KB

gdpr.md

File metadata and controls

73 lines (47 loc) · 3.67 KB
Raw
title author description ms.author ms.custom ms.date uid
General Data Protection Regulation (GDPR) support in ASP.NET Core
tdykstra
Learn how to access the GDPR extension points in an ASP.NET Core web app.
tdykstra
mvc
07/11/2019
security/gdpr

EU General Data Protection Regulation (GDPR) support in ASP.NET Core

By Rick Anderson

ASP.NET Core provides APIs and templates to help meet some of the EU General Data Protection Regulation (GDPR) requirements:

:::moniker range=">= aspnetcore-7.0"

  • The project templates include extension points and stubbed markup that you can replace with your privacy and cookie use policy.
  • The Pages/Privacy.cshtml page or Views/Home/Privacy.cshtml view provides a page to detail your site's privacy policy.

To enable the default cookie consent feature like that found in the ASP.NET Core 2.2 templates in a current ASP.NET Core template generated app, add the following highlighted code to Program.cs:

[!code-csharpMain]

In the preceding code, xref:Microsoft.AspNetCore.Builder.CookiePolicyOptions and xref:Microsoft.AspNetCore.Builder.CookiePolicyAppBuilderExtensions.UseCookiePolicy%2A are used.

  • Add the cookie consent partial to the _Layout.cshtml file:

    [!code-cshtmlMain]

  • Add the _CookieConsentPartial.cshtml file to the project:

    [!code-cshtmlMain]

  • Select the ASP.NET Core 2.2 version of this article to read about the cookie consent feature.

Customize the cookie consent value

Specify the value used to track if the user consented to the cookie use policy using the CookiePolicyOptions.ConsentCookieValue property:

[!code-csharpMain]

Encryption at rest

Some databases and storage mechanisms allow for encryption at rest. Encryption at rest:

  • Encrypts stored data automatically.
  • Encrypts without configuration, programming, or other work for the software that accesses the data.
  • Is the easiest and safest option.
  • Allows the database to manage keys and encryption.

For example:

For databases that don't provide built-in encryption at rest, you may be able to use disk encryption to provide the same protection. For example:

Additional resources

:::moniker-end

[!INCLUDE] [!INCLUDE] [!INCLUDE]