J
JiachenJiang
The Azure Container Apps and .NET team have made it easier than ever to deploy your .NET application by supporting automatic configuration for data protection. This support is currently available as an opt-in feature in the Container Apps API version 2024-02-02-preview.
This blog post will discuss the feature and what it enables, how to determine if your application is correctly configured, and how to enable configuration for data protection across a variety of .NET versions.
Many ASP.NET Core apps rely on a feature called data protection, which is a cryptographic API to protect data using methods like key management and rotation. By default, it requires additional configuration in both Azure and in application code to function correctly when hosted in Container Apps.
If data protection isn’t configured, the application will appear to function correctly but will experience bugs when the application scales out to multiple replicas.
For detailed information about the data protection feature, read here.
The process of configuring the data protection feature varies depending on the version of .NET you are using.
Aspire applications deployed using the Azure Developer CLI (azd) will have data protection configured by default.
If you are using ASP.NET Core v9.0.0-preview.2.24128.4 and later and ASP.NET Core v8.0.4 and newer, you can configure data protection using ARM and Bicep.
This can be done with turning on the new `autoConfigureDataProtection` property, which will allow ASP.NET Core data protection keys to be automatically managed by the platform.
If you are using ASP.NET Core with a lower version than previously described, you will have to configure data protection manually. We recommend upgrading to one of the supported .NET versions or doing so using ARM.
Congratulations, you now ensured that your .NET application has data protection correctly configured and will scale to multiple replicas without issue!
Want to learn more? You can...
Continue reading...
This blog post will discuss the feature and what it enables, how to determine if your application is correctly configured, and how to enable configuration for data protection across a variety of .NET versions.
What is data protection?
Many ASP.NET Core apps rely on a feature called data protection, which is a cryptographic API to protect data using methods like key management and rotation. By default, it requires additional configuration in both Azure and in application code to function correctly when hosted in Container Apps.
If data protection isn’t configured, the application will appear to function correctly but will experience bugs when the application scales out to multiple replicas.
For detailed information about the data protection feature, read here.
Configuring data protection for your .NET Application
The process of configuring the data protection feature varies depending on the version of .NET you are using.
.NET Aspire
Aspire applications deployed using the Azure Developer CLI (azd) will have data protection configured by default.
.NET 8 and up
If you are using ASP.NET Core v9.0.0-preview.2.24128.4 and later and ASP.NET Core v8.0.4 and newer, you can configure data protection using ARM and Bicep.
This can be done with turning on the new `autoConfigureDataProtection` property, which will allow ASP.NET Core data protection keys to be automatically managed by the platform.
.NET 7 and under
If you are using ASP.NET Core with a lower version than previously described, you will have to configure data protection manually. We recommend upgrading to one of the supported .NET versions or doing so using ARM.
Next Steps
Congratulations, you now ensured that your .NET application has data protection correctly configured and will scale to multiple replicas without issue!
Want to learn more? You can...
- Review the Azure Container Apps docs.
- Learn more about pricing details from the Azure Container Apps pricing page.
- Reach us directly at any time via our GitHub microsoft/azure-container-apps repo.
- Connect with the Azure Container Apps team on Twitter and Discord.
Continue reading...