Fix bug antiforgery decryption issue when deploying in a k8s cluster

Changed in-memory grant store in idsrv to persist in db

eShopOnContainers-ServicesAndWebApps.sln

@@ -1,7 +1,7 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio 15
-VisualStudioVersion = 15.0.26430.12
+VisualStudioVersion = 15.0.26430.6
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{932D8224-11F6-4D07-B109-DA28AD288A63}"
 EndProject
@@ -76,6 +76,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Extensions.Health
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EventBus.Tests", "src\BuildingBlocks\EventBus\EventBus.Tests\EventBus.Tests.csproj", "{89D80DF1-32E1-4AAF-970F-DA0AA6881F9D}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "DataProtection", "DataProtection", "{88B22DBB-AA8F-4290-A454-2C109352C345}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DataProtection", "src\BuildingBlocks\DataProtection\DataProtection\DataProtection.csproj", "{23A33F9B-7672-426D-ACF9-FF8436ADC81A}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Ad-Hoc|Any CPU = Ad-Hoc|Any CPU
@@ -1002,6 +1006,54 @@ Global
 		{89D80DF1-32E1-4AAF-970F-DA0AA6881F9D}.Release|x64.Build.0 = Release|Any CPU
 		{89D80DF1-32E1-4AAF-970F-DA0AA6881F9D}.Release|x86.ActiveCfg = Release|Any CPU
 		{89D80DF1-32E1-4AAF-970F-DA0AA6881F9D}.Release|x86.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|Any CPU.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|Any CPU.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|ARM.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|ARM.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|iPhone.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|iPhone.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|x64.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|x64.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|x86.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Ad-Hoc|x86.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|Any CPU.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|Any CPU.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|ARM.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|ARM.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|iPhone.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|iPhone.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|x64.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|x64.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|x86.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.AppStore|x86.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|ARM.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|iPhone.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|iPhone.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|x64.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Debug|x86.Build.0 = Debug|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|ARM.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|ARM.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|iPhone.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|iPhone.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|x64.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|x64.Build.0 = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|x86.ActiveCfg = Release|Any CPU
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1038,5 +1090,7 @@ Global
 		{22A0F9C1-2D4A-4107-95B7-8459E6688BC5} = {A81ECBC2-6B00-4DCD-8388-469174033379}
 		{4BD76717-3102-4969-8C2C-BAAA3F0263B6} = {A81ECBC2-6B00-4DCD-8388-469174033379}
 		{89D80DF1-32E1-4AAF-970F-DA0AA6881F9D} = {807BB76E-B2BB-47A2-A57B-3D1B20FF5E7F}
+		{88B22DBB-AA8F-4290-A454-2C109352C345} = {DB0EFB20-B024-4E5E-A75C-52143C131D25}
+		{23A33F9B-7672-426D-ACF9-FF8436ADC81A} = {88B22DBB-AA8F-4290-A454-2C109352C345}
 	EndGlobalSection
 EndGlobal

k8s/deploy.ps1

@@ -58,7 +58,7 @@ ExecKube -cmd 'delete configmap urls'
 # start sql, rabbitmq, frontend deploymentsExecKube -cmd 'delete configmap config-files'
 ExecKube -cmd 'create configmap config-files --from-file=nginx-conf=nginx.conf'
 ExecKube -cmd 'label configmap config-files app=eshop'
-ExecKube -cmd 'create -f sql-data.yaml -f basket-data.yaml -f rabbitmq.yaml -f services.yaml -f frontend.yaml'
+ExecKube -cmd 'create -f sql-data.yaml -f basket-data.yaml -f keystore-data.yaml -f rabbitmq.yaml -f services.yaml -f frontend.yaml'
 
 # building and publishing docker images not necessary when deploying through CI VSTS
 if(-not $deployCI) {

k8s/deployments.yaml

@@ -69,7 +69,6 @@ kind: Deployment
 metadata:
   name: identity
 spec:
-  replicas: 3
   paused: true
   template:
     metadata:
@@ -86,6 +85,10 @@ spec:
           value: http://0.0.0.0:80/identity
         - name: ConnectionStrings__DefaultConnection
           value: "Server=sql-data;Initial Catalog=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word"
+        - name: DPConnectionString
+          value: keystore-data
+        - name: IsClusterEnv
+          value: 'True'
         - name: MvcClient
           valueFrom:
            configMapKeyRef:
@@ -153,6 +156,10 @@ spec:
         env:
         - name: ASPNETCORE_URLS
           value: http://0.0.0.0:80/webmvc
+        - name: DPConnectionString
+          value: keystore-data
+        - name: IsClusterEnv
+          value: 'True'
         - name: BasketUrl
           valueFrom:
            configMapKeyRef:
@@ -256,6 +263,10 @@ spec:
         env:
         - name: ASPNETCORE_URLS
           value: http://0.0.0.0:80
+        - name: DPConnectionString
+          value: keystore-data
+        - name: IsClusterEnv
+          value: 'True'
         - name: BasketUrl
           valueFrom:
            configMapKeyRef:

k8s/keystore-data.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: eshop
+    component: keystore-data
+  name: keystore-data
+spec:
+  ports:
+  - port: 6379
+  selector:
+    app: eshop
+    component: keystore-data
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: keystore-data
+spec:
+  template:
+    metadata:
+      labels:
+        app: eshop
+        component: keystore-data
+    spec:
+      containers:
+      - name: keystore-data
+        image: redis:3.2-alpine
+

src/BuildingBlocks/DataProtection/DataProtection/DataProtection.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>netcoreapp1.1</TargetFramework>
+    <RootNamespace>Microsoft.eShopOnContainers.BuildingBlocks</RootNamespace>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection" Version="1.1.2" />
+    <PackageReference Include="StackExchange.Redis" Version="1.2.3" />
+  </ItemGroup>
+
+</Project>

src/Services/Identity/Identity.API/Extensions/DataProtectionBuilderExtensions.cs → src/BuildingBlocks/DataProtection/DataProtection/DataProtectionBuilderExtensions.cs

@@ -1,13 +1,11 @@
-namespace DataProtectionExtensions
+namespace Microsoft.eShopOnContainers.BuildingBlocks
 {
-    using System;
-    using System.Linq;
-    using System.Security.Cryptography.X509Certificates;
     using Microsoft.AspNetCore.DataProtection;
     using Microsoft.AspNetCore.DataProtection.Repositories;
-    using Microsoft.AspNetCore.DataProtection.XmlEncryption;
     using Microsoft.Extensions.DependencyInjection;
     using Microsoft.Extensions.Logging;
+    using System;
+    using System.Linq;
     using System.Net;
 
     /// <summary>
@@ -46,10 +44,11 @@
             {
                 throw new ArgumentException("Redis connection string may not be empty.", nameof(redisConnectionString));
             }
-            
+
             var ips = Dns.GetHostAddressesAsync(redisConnectionString).Result;
 
-            return builder.Use(ServiceDescriptor.Singleton<IXmlRepository>(services => new RedisXmlRepository(ips.First().ToString(), services.GetRequiredService<ILogger<RedisXmlRepository>>())));
+            return builder.Use(ServiceDescriptor.Singleton<IXmlRepository>(services =>
+                new RedisXmlRepository(ips.First().ToString(), services.GetRequiredService<ILogger<RedisXmlRepository>>())));
         }
 
         /// <summary>

src/Services/Identity/Identity.API/Extensions/RedisXmlRepository.cs → src/BuildingBlocks/DataProtection/DataProtection/RedisXmlRepository.cs

@@ -1,17 +1,13 @@
-using System;
-using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
-using System.IO;
-using System.Linq;
-using System.Text;
-using System.Text.RegularExpressions;
-using System.Xml.Linq;
-using Microsoft.AspNetCore.DataProtection.Repositories;
-using Microsoft.Extensions.Logging;
-using StackExchange.Redis;
-
-namespace DataProtectionExtensions
+namespace Microsoft.eShopOnContainers.BuildingBlocks
 {
+    using Microsoft.AspNetCore.DataProtection.Repositories;
+    using Microsoft.Extensions.Logging;
+    using StackExchange.Redis;
+    using System;
+    using System.Collections.Generic;
+    using System.Text.RegularExpressions;
+    using System.Xml.Linq;
+
     /// <summary>
     /// Key repository that stores XML encrypted keys in a Redis distributed cache.
     /// </summary>
@@ -211,4 +207,4 @@ namespace DataProtectionExtensions
             }
         }
     }
-}
+}

src/Services/Identity/Identity.API/Identity.API.csproj

@@ -39,7 +39,6 @@
     </PackageReference>
     <PackageReference Include="IdentityServer4.AspNetIdentity" Version="1.0.1" />
     <PackageReference Include="IdentityServer4.EntityFramework" Version="1.0.1" />
-    <PackageReference Include="StackExchange.Redis" Version="1.2.3" />
   </ItemGroup>
 
   <Target Name="PrepublishScript" BeforeTargets="PrepareForPublish">
@@ -59,6 +58,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\..\..\BuildingBlocks\DataProtection\DataProtection\DataProtection.csproj" />
     <ProjectReference Include="..\..\..\BuildingBlocks\HealthChecks\src\Microsoft.AspNetCore.HealthChecks\Microsoft.AspNetCore.HealthChecks.csproj" />
     <ProjectReference Include="..\..\..\BuildingBlocks\HealthChecks\src\Microsoft.Extensions.HealthChecks.SqlServer\Microsoft.Extensions.HealthChecks.SqlServer.csproj" />
     <ProjectReference Include="..\..\..\BuildingBlocks\HealthChecks\src\Microsoft.Extensions.HealthChecks\Microsoft.Extensions.HealthChecks.csproj" />
@@ -70,4 +70,9 @@
     </None>
   </ItemGroup>
 
+  <ItemGroup>
+    <Folder Include="Extensions\" />
+    <Folder Include="Extensions\" />
+  </ItemGroup>
+
 </Project>

src/Services/Identity/Identity.API/Startup.cs

@@ -1,29 +1,27 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
+using Identity.API.Certificate;
+using Identity.API.Configuration;
+using Identity.API.Data;
+using Identity.API.Models;
+using Identity.API.Services;
+using IdentityServer4.EntityFramework.DbContexts;
+using IdentityServer4.EntityFramework.Mappers;
+using IdentityServer4.Services;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.eShopOnContainers.BuildingBlocks;
+using Microsoft.eShopOnContainers.Services.Catalog.API.Infrastructure;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Logging;
-using Identity.API.Data;
-using Identity.API.Models;
-using Identity.API.Services;
-using Identity.API.Configuration;
-using IdentityServer4.Services;
-using System.Threading;
-using Microsoft.eShopOnContainers.Services.Catalog.API.Infrastructure;
-using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.HealthChecks;
-using Identity.API.Certificate;
-using DataProtectionExtensions;
+using Microsoft.Extensions.Logging;
+using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Reflection;
-using IdentityServer4.Test;
-using IdentityServer4.EntityFramework.DbContexts;
-using IdentityServer4.EntityFramework.Mappers;
+using System.Threading.Tasks;
 
 namespace eShopOnContainers.Identity
 {
@@ -39,7 +37,7 @@ namespace eShopOnContainers.Identity
             if (env.IsDevelopment())
             {
                 // For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
-                //builder.AddUserSecrets();
+                builder.AddUserSecrets();
             }
 
             builder.AddEnvironmentVariables();
@@ -63,10 +61,14 @@ namespace eShopOnContainers.Identity
 
             services.AddMvc();
 
-            services.AddDataProtection(opts =>
+            if (Configuration.GetValue<string>("IsClusterEnv") == bool.TrueString)
             {
-                opts.ApplicationDiscriminator = "eshop.identity";
-            });//.PersistKeysToRedis("basket.data");
+                services.AddDataProtection(opts =>
+                {
+                    opts.ApplicationDiscriminator = "eshop.identity";
+                })
+                .PersistKeysToRedis(Configuration["DPConnectionString"]);
+            }
 
             services.AddHealthChecks(checks =>
             {
@@ -138,15 +140,15 @@ namespace eShopOnContainers.Identity
                     template: "{controller=Home}/{action=Index}/{id?}");
             });
 
-            InitializeDatabase(app);
+            // Store idsrv grant config into db
+            InitializeGrantStoreAndConfiguration(app).Wait();
 
             //Seed Data
             var hasher = new PasswordHasher<ApplicationUser>();
-            new ApplicationContextSeed(hasher).SeedAsync(app, loggerFactory)
-            .Wait();
+            new ApplicationContextSeed(hasher).SeedAsync(app, loggerFactory).Wait();
         }
 
-        private void InitializeDatabase(IApplicationBuilder app)
+        private async Task InitializeGrantStoreAndConfiguration(IApplicationBuilder app)
         {
             //callbacks urls from config:
             Dictionary<string, string> clientUrls = new Dictionary<string, string>();
@@ -164,27 +166,27 @@ namespace eShopOnContainers.Identity
                 {
                     foreach (var client in Config.GetClients(clientUrls))
                     {
-                        context.Clients.Add(client.ToEntity());
+                        await context.Clients.AddAsync(client.ToEntity());
                     }
-                    context.SaveChanges();
+                    await context.SaveChangesAsync();
                 }
 
                 if (!context.IdentityResources.Any())
                 {
                     foreach (var resource in Config.GetResources())
                     {
-                        context.IdentityResources.Add(resource.ToEntity());
+                        await context.IdentityResources.AddAsync(resource.ToEntity());
                     }
-                    context.SaveChanges();
+                    await context.SaveChangesAsync();
                 }
 
                 if (!context.ApiResources.Any())
                 {
                     foreach (var api in Config.GetApis())
                     {
-                        context.ApiResources.Add(api.ToEntity());
+                        await context.ApiResources.AddAsync(api.ToEntity());
                     }
-                    context.SaveChanges();
+                    await context.SaveChangesAsync();
                 }
             }
         }

src/Services/Identity/Identity.API/appsettings.json

@@ -2,9 +2,10 @@
   "ConnectionStrings": {
     "DefaultConnection": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word;"
   },
+  "IsClusterEnv": "False",
   "MvcClient": "http://localhost:5100",
   "SpaClient": "http://localhost:5104",
-  "XamarinCallback":  "http://localhost:5105/xamarincallback",
+  "XamarinCallback": "http://localhost:5105/xamarincallback",
   "Logging": {
     "IncludeScopes": false,
     "LogLevel": {

src/Web/WebMVC/Controllers/AccountController.cs

@@ -24,8 +24,6 @@ namespace Microsoft.eShopOnContainers.WebMVC.Controllers
             var user = User as ClaimsPrincipal;
             var token = await HttpContext.Authentication.GetTokenAsync("access_token");
 
-            //TODO - Not retrieving AccessToken yet
-            //var token = user.FindFirst("access_token");
             if (token != null)
             {
                 ViewData["access_token"] = token;

src/Web/WebMVC/Startup.cs

@@ -1,22 +1,17 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.Http;
+using Microsoft.eShopOnContainers.BuildingBlocks;
+using Microsoft.eShopOnContainers.BuildingBlocks.Resilience.Http;
+using Microsoft.eShopOnContainers.WebMVC.Infrastructure;
+using Microsoft.eShopOnContainers.WebMVC.Services;
+using Microsoft.eShopOnContainers.WebMVC.ViewModels;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.HealthChecks;
 using Microsoft.Extensions.Logging;
-using Microsoft.eShopOnContainers.WebMVC.ViewModels;
-using Microsoft.eShopOnContainers.WebMVC.Services;
+using System;
 using System.IdentityModel.Tokens.Jwt;
-using Microsoft.IdentityModel.Tokens;
-using Microsoft.AspNetCore.Http;
-using System.Threading;
-using Microsoft.Extensions.Options;
-using Microsoft.Extensions.HealthChecks;
-using Microsoft.eShopOnContainers.BuildingBlocks.Resilience.Http;
-using Microsoft.eShopOnContainers.WebMVC.Infrastructure;
 
 namespace Microsoft.eShopOnContainers.WebMVC
 {
@@ -46,12 +41,15 @@ namespace Microsoft.eShopOnContainers.WebMVC
         {
             services.AddMvc();
 
-            services.AddDataProtection(opts =>
+            if (Configuration.GetValue<string>("IsClusterEnv") == bool.TrueString)
             {
-                opts.ApplicationDiscriminator = "eshop.webmvc";
-            });
+                services.AddDataProtection(opts =>
+                {
+                    opts.ApplicationDiscriminator = "eshop.webmvc";
+                })
+                .PersistKeysToRedis(Configuration["DPConnectionString"]);
+            }
 
-            
             services.Configure<AppSettings>(Configuration);
 
             services.AddHealthChecks(checks =>

src/Web/WebMVC/WebMVC.csproj

@@ -54,6 +54,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\..\BuildingBlocks\DataProtection\DataProtection\DataProtection.csproj" />
     <ProjectReference Include="..\..\BuildingBlocks\HealthChecks\src\Microsoft.AspNetCore.HealthChecks\Microsoft.AspNetCore.HealthChecks.csproj" />
     <ProjectReference Include="..\..\BuildingBlocks\HealthChecks\src\Microsoft.Extensions.HealthChecks\Microsoft.Extensions.HealthChecks.csproj" />
     <ProjectReference Include="..\..\BuildingBlocks\Resilience\Resilience.Http\Resilience.Http.csproj" />

src/Web/WebMVC/appsettings.json

@@ -4,6 +4,7 @@
   "BasketUrl": "http://localhost:5103",
   "IdentityUrl": "http://localhost:5105",
   "CallBackUrl": "http://localhost:5100/",
+  "IsClusterEnv": "True",
   "UseResilientHttp": "True",
   "Logging": {
     "IncludeScopes": false,

src/Web/WebSPA/Startup.cs

@@ -10,6 +10,7 @@ using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.HealthChecks;
 using Newtonsoft.Json.Serialization;
 using eShopOnContainers.WebSPA;
+using Microsoft.eShopOnContainers.BuildingBlocks;
 
 namespace eShopConContainers.WebSPA
 {
@@ -59,10 +60,14 @@ namespace eShopConContainers.WebSPA
 
             services.Configure<AppSettings>(Configuration);
 
-            services.AddDataProtection(opts =>
+            if (Configuration.GetValue<string>("IsClusterEnv") == bool.TrueString)
             {
-                opts.ApplicationDiscriminator = "eshop.webspa";
-            });
+                services.AddDataProtection(opts =>
+                {
+                    opts.ApplicationDiscriminator = "eshop.webspa";
+                })
+                .PersistKeysToRedis(Configuration["DPConnectionString"]);
+            }
 
             services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
 

src/Web/WebSPA/WebSPA.csproj

@@ -79,6 +79,7 @@
   -->
     
   <ItemGroup>
+    <ProjectReference Include="..\..\BuildingBlocks\DataProtection\DataProtection\DataProtection.csproj" />
     <ProjectReference Include="..\..\BuildingBlocks\HealthChecks\src\Microsoft.AspNetCore.HealthChecks\Microsoft.AspNetCore.HealthChecks.csproj" />
     <ProjectReference Include="..\..\BuildingBlocks\HealthChecks\src\Microsoft.Extensions.HealthChecks\Microsoft.Extensions.HealthChecks.csproj" />
   </ItemGroup>