20

I have this at every app start.

Does anyone know where this comes from?

info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0] User profile is available. Using '/Users/thomas/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.

// run the web host
var PathToContentRoot = Directory.GetCurrentDirectory();
var Host = WebHost.CreateDefaultBuilder()
    .UseKestrel()
    .UseContentRoot(PathToContentRoot)
    .UseStartup<WebStartup>()
    .UseNLog()
    .Build();

I don't have anything about 'dataprotection', 'keys', etc nor do I want any form of security features.

The code in the ConfigureServices part is:

        // find all controllers
        var Controllers =
            from a in AppDomain.CurrentDomain.GetAssemblies().AsParallel()
            from t in a.GetTypes()
            let attributes = t.GetCustomAttributes(typeof(ControllerAttribute), true)
            where attributes?.Length > 0
            select new { Type = t };

        var ControllersList = Controllers.ToList();
        Logging.Info($"Found {ControllersList.Count} controllers");

        // register them
        foreach (var Controller in ControllersList)
        {
            Logging.Info($"[Controller] Registering {Controller.Type.Name}");
            Services
                .AddMvc()
                .AddJsonOptions(Options => Options.SerializerSettings.ContractResolver = new DefaultContractResolver())
                .AddApplicationPart(Controller.Type.Assembly);
        }

        // add signalR
        Services.AddSignalR();

It is done to allow controllers from external assemblies to be used.

Thomas
  • 10,933
  • 14
  • 65
  • 136
  • 2
    solution found at: https://stackoverflow.com/questions/35251078/how-to-turn-off-the-logging-done-by-the-asp-net-core-framework – Thomas Sep 22 '18 at 11:12
  • 2
    Possible duplicate of [How to turn off the logging done by the ASP.NET core framework](https://stackoverflow.com/questions/35251078/how-to-turn-off-the-logging-done-by-the-asp-net-core-framework) –  Apr 09 '19 at 13:06

1 Answers1

6

Depending on what ASP.NET features you are using, the Core Data Protection middleware may be setup and added into the dependency injection container.

This provides a mechanism for storing sensitive data. Depending on what environment you are running in this sensitive data will be stored in different locations. In your case you are getting the message that it is being stored in the user profile (a folder on the system) and in plain text (I'm assuming because you are running on Linux as they would by default get encrypted on Windows). This article has a nice description of the default location for storing the sensitive data.

In your case I suspect it is the use of SignalR that is causing the Core Data Protection middle ware to be added. Another common cause for it being added is calling

IServiceCollection.AddAuthentication
denver
  • 2,863
  • 2
  • 31
  • 45