Add Data Protection

The antiforgery framework is a critical part of ASP.NET Core. It ensures web forms and login pages haven’t been tampered with by storing cryptographic data with the form and then validating the form with a key created by the Data Protection framework. An ASP.NET Core Data Protection Provider is the building block that provides encryption and decryption of secret data to the antiforgery framework.

To support the use of ASP.NET Core’s antiforgery framework, AWS released an ASP.NET Core Data Protection Provider backed by AWS Systems Manager (SSM).

By default, ASP.NET Core creates the data protection keys in memory. That works for local development on a single machine but can pose a problem for production systems where multiple web servers are used. When you deploy your application to AWS Elastic Beanstalk or AWS Fargate, for example, you need a mechanism to share the data protection keys between servers in order to load balance requests.

The AWS SSM ASP.NET Core Data Protection Provider enables you to share ASP.NET Core data protection keys between web servers by storing them in a secure central location.
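
The following Program.cs is an added example, not code from the original page. It shows one way to register the provider so that every server behind the load balancer reads the same key ring. It assumes the Amazon.AspNetCore.DataProtection.SSM NuGet package, a .NET 6 or later web project with implicit usings, and placeholder values for the application name, parameter prefix and KMS key alias.

```csharp
using Microsoft.AspNetCore.DataProtection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddDataProtection()
    // Data Protection isolates key rings per application. Setting the same
    // explicit name on every instance keeps them on one shared key ring even
    // if the deployment path differs between servers.
    // "MyApplication" is a placeholder.
    .SetApplicationName("MyApplication")
    // Persist the key ring under a prefix in AWS Systems Manager instead of
    // on each server. The prefix below is a placeholder; use one prefix per
    // application and environment so unrelated apps never share keys.
    .PersistKeysToAWSSystemsManager("/MyApplication/DataProtection", options =>
    {
        // Optional: encrypt the stored keys with a customer-managed KMS key
        // instead of the account default. The alias is a placeholder.
        options.KMSKeyId = "alias/my-application-data-protection";
    });

// Razor Pages forms get antiforgery tokens automatically. Those tokens are
// protected with the shared key ring configured above, so a form rendered by
// one server validates when the POST lands on another.
builder.Services.AddRazorPages();

var app = builder.Build();

app.MapRazorPages();

app.Run();
```

The role the application runs under needs permission to read and write parameters under the chosen prefix, and to use the KMS key if one is set. Scope that policy to the prefix rather than to all parameters.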