Aspnetcore.docs: Entity Framework Core - PersistKeysToDbContext

Hello @chrizy ... See the engineering sample :point_right: https://github.com/aspnet/AspNetCore/blob/master/src/DataProtection/samples/EntityFrameworkCoreSample/Program.cs

Let's leave this open. I'll mark it medium priority, given that the engineering sample exists. A member of the community is welcome to advance the content.

I'll put in a patch now on the link. They moved the engineering samples, so the link(s) need a quick touch.

Thanks, saw that sample but its using in memory db, if you try and use SQL server the required table is not generated.

Ah ... so it does.

For reference when this issue is worked :point_right: https://github.com/aspnet/AspNetCore/blob/2.2.0/src/DataProtection/EntityFrameworkCore/src/DataProtectionKey.cs

Hi,
I've tried to manually create the db table,

CREATE TABLE [dbo].DataProtectionKeys ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

but now get this error

DbUpdateConcurrencyException: Database operation expected to affect 1 row(s) but actually affected 0 row(s). Data may have been modified or deleted since entities were loaded. See http://go.microsoft.com/fwlink/?LinkId=527962 for information on understanding and handling optimistic concurrency exceptions.
Microsoft.EntityFrameworkCore.Update.AffectedCountModificationCommandBatch.ThrowAggregateUpdateConcurrencyException(int commandIndex, int expectedRowsAffected, int rowsAffected)
Microsoft.EntityFrameworkCore.Update.AffectedCountModificationCommandBatch.ConsumeResultSetWithPropagation(int commandIndex, RelationalDataReader reader)
Microsoft.EntityFrameworkCore.Update.AffectedCountModificationCommandBatch.Consume(RelationalDataReader reader)
Microsoft.EntityFrameworkCore.Update.ReaderModificationCommandBatch.Execute(IRelationalConnection connection)
Microsoft.EntityFrameworkCore.Update.Internal.BatchExecutor.Execute(DbContext _, ValueTuple, IRelationalConnection> parameters)
Microsoft.EntityFrameworkCore.SqlServer.Storage.Internal.SqlServerExecutionStrategy.Execute(TState state, Func operation, Func> verifySucceeded)
Microsoft.EntityFrameworkCore.Update.Internal.BatchExecutor.Execute(IEnumerable commandBatches, IRelationalConnection connection)
Microsoft.EntityFrameworkCore.Storage.RelationalDatabase.SaveChanges(IReadOnlyList entries)
Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChanges(IReadOnlyList entriesToSave)
Microsoft.EntityFrameworkCore.ChangeTracking.Internal.StateManager.SaveChanges(bool acceptAllChangesOnSuccess)
Microsoft.EntityFrameworkCore.DbContext.SaveChanges(bool acceptAllChangesOnSuccess)
Microsoft.EntityFrameworkCore.DbContext.SaveChanges()
Microsoft.AspNetCore.DataProtection.EntityFrameworkCore.EntityFrameworkCoreXmlRepository.StoreElement(XElement element, string friendlyName)
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.IInternalXmlKeyManager.CreateNewKey(Guid keyId, DateTimeOffset creationDate, DateTimeOffset activationDate, DateTimeOffset expirationDate)
Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.CreateNewKey(DateTimeOffset activationDate, DateTimeOffset expirationDate)
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.Microsoft.AspNetCore.DataProtection.KeyManagement.Internal.ICacheableKeyRingProvider.GetCacheableKeyRing(DateTimeOffset now)
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow)
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRing()
Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(byte[] plaintext)

Show raw exception details

CryptographicException: An error occurred while trying to encrypt the provided data. Refer to the inner exception for more information.

Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Protect(byte[] plaintext)
Microsoft.AspNetCore.Session.CookieProtection.Protect(IDataProtector protector, string data)
Microsoft.AspNetCore.Session.SessionMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

@chrizy When I did a migration on the context, it provided ...

CREATE TABLE [DataProtectionKeys] (
          [Id] int NOT NULL IDENTITY,
          [FriendlyName] nvarchar(max) NULL,
          [Xml] nvarchar(max) NULL,
          CONSTRAINT [PK_DataProtectionKeys] PRIMARY KEY ([Id])

... and SQL Server shows for the created table (following the migration) ...

CREATE TABLE [dbo].[DataProtectionKeys] (
    [Id]           INT            IDENTITY (1, 1) NOT NULL,
    [FriendlyName] NVARCHAR (MAX) NULL,
    [Xml]          NVARCHAR (MAX) NULL,
    CONSTRAINT [PK_DataProtectionKeys] PRIMARY KEY CLUSTERED ([Id] ASC)
);

... and then when I ran the test app, I did get a successful key generation ...

Of course, that doesn't mean that a concurrency problem wouldn't crop up down the road.

However, try that CREATE TABLE that EF worked up and see if because the table schema is a bit different if that concurrency problem goes away. If you still have a problem with it, open an issue on aspnet/AspNetCore issues and ping @natemcmaster. Also cross-link this issue to it so we can track the convo for the docs.

... and I'll add the ef commands that I used here for reference ...

dotnet ef migrations add AddDataProtectionKeys --context MyKeysContext
dotnet ef database update --context MyKeysContext

Finally, the sample files for the doc are here in case anyone wants to see them :point_right: https://github.com/aspnet/Docs/tree/master/aspnetcore/security/data-protection/implementation/key-storage-providers/sample

@natemcmaster TL;DR (u don't need to read this whole issue)

This issue is about the EF Core DP Key Provider.

The doc content:

• Doesn't show a CREATE TABLE statement to create the dB table (is there something built-in outside of a migration that I'm not aware of that will do it?).
• Doesn't indicate a migration that will work with the sample code.
• The sample code isn't a working app.

I can address these if you like by:

• Adding a CREATE TABLE statement, either of these (1st is via EF; 2nd from SQL Server) ...

CREATE TABLE [DataProtectionKeys] ( [Id] int NOT NULL IDENTITY, [FriendlyName] nvarchar(max) NULL, [Xml] nvarchar(max) NULL, CONSTRAINT [PK_DataProtectionKeys] PRIMARY KEY ([Id])

CREATE TABLE [dbo].[DataProtectionKeys] ( [Id] INT IDENTITY (1, 1) NOT NULL, [FriendlyName] NVARCHAR (MAX) NULL, [Xml] NVARCHAR (MAX) NULL, CONSTRAINT [PK_DataProtectionKeys] PRIMARY KEY CLUSTERED ([Id] ASC) );

• Show the migrations that work with the sample code:

Add-Migration AddDataProtectionKeys -Context MyKeysContext Update-Database -Context MyKeysContext

dotnet ef migrations add AddDataProtectionKeys --context MyKeysContext dotnet ef database update --context MyKeysContext

• Turn your sample code files into a working app and link the sample into the topic's section.

Thoughts?

Show the migrations that work with the sample code

This is the preferred solution. While you certainly could write your own SQL, that seems to defeat the purpose of EF Core.

I'd be happy to take in a PR which adds migrations to our samples.

Yes, that makes sense. It is after all the _EF Core_ DP Key Provider (and not the _SQL Server_ DP Key Provider ... uh oh ... don't give the community any ideas!).

It's kind'a nice tho to indicate somehow what the table's structure is to the reader. I'll think about how that might be shown or explained without showing an actual CREATE TABLE statement.

I'd be happy to take in a PR which adds migrations to our samples.

I'm not sure we'll have it in the doc sample app (we may even have a .gitignore over here to prevent committing them), but I can certainly send in a PR for the engineering sample.

I'm going to go ahead and get this scheduled for ... mmm 🤔 ... maybe this weekend.

Thanks your create table script fixed the issue.