I've found what seems to be a pretty neat little package that lets you use dapper + identity core 2.0. However, since I am very new to core development, I am getting a little confused about something and I'm not sure how to resolve it. The package in question is this: https://github.com/grandchamp/Identity.Dapper
What the package is asking me is to set up some minor configuration and then things should just work. Here are the instructions:
//To configure the DBMS connection, you can add a DapperIdentity and a DapperIdentityCryptography section to your configuration file like this:

    "DapperIdentity": {
        "ConnectionString": "Connection string of your database",
        "Username": "user",
        "Password": "123"
    },
    "DapperIdentityCryptography": {
        "Key": "base64 32 bits key",
        "IV": "base64 16 bits key"
    }

What really confuses me is the DapperIdentityCryptography part. Is it expecting me to leave it as it is, or is it expecting me to provide some sort of encrypted string? I just don't get it. The other part I'm confused about is leaving the connection string in a readable format. I have a feeling that I'm supposed to encrypt it, put it in the ConnectionString section and then provide a key to decrypt it?
From what I can see at the moment, the DapperIdentityCryptography section is only used for decrypting the provided Password inside the DapperIdentity section. This is not very useful, because you are storing both the encrypted password and the encryption key in the same file, which is almost the same as storing the password in plain text.
You may also store the password directly in plain text, and ignore the DapperIdentityCryptography section entirely.
Example:

    "DapperIdentity": {
        "ConnectionString": "Server=myServerAddress;Database=myDataBase",
        "Username": "MyUserName",
        "Password": "MyPassword"
    }

If, instead, you want to use the cryptography section, you need to generate a pair of Key and IV for AES, encrypt your db password with it, and then store the Key and IV inside your appsettings.json converted into BASE64 strings (or you may use the command line utility dotnet user-secrets on your development machine, like the documentation says) and your Db Password into a UTF8 string.
Then your appsettings.json may look like this (taken from the sample):

    "DapperIdentity": {
        "ConnectionString": "Server=myServerAddress;Database=myDataBase",
        "Username": "MyUserName",
        "Password": "MYUTF8STRINGENCRYPTEDPASSWORD"
    },
    "DapperIdentityCryptography": {
        "Key": "FrFE/VtQ5pfNhGYVnyf65Sa6j4h6ion3ItkAnqLsnBE=", // this is an example, never use in production
        "IV": "Ig/YU0tgUqI1u2VzWH0plQ==" // this is an example, never use in production
    }
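
The key handling described in this answer, as an added example (not code from the answer or from the Identity.Dapper project): it generates a random 32-byte key and 16-byte IV, the lengths the sample values above decode to, encrypts the password, and prints dotnet user-secrets commands so the key material stays out of appsettings.json. The class name, the CBC/PKCS7 mode and the Base64 ciphertext encoding are assumptions; check them against the package's decryption code before relying on the output.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SecretSetup
{
    // AES-256 encrypt a UTF-8 string and return the ciphertext as Base64.
    // Assumption: CBC mode, PKCS7 padding, Base64 output (not confirmed by the page).
    public static string Encrypt(string plaintext, byte[] key, byte[] iv)
    {
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;   // 32 bytes selects AES-256
            aes.IV = iv;     // 16 bytes, the AES block size
            using (var encryptor = aes.CreateEncryptor())
            {
                byte[] input = Encoding.UTF8.GetBytes(plaintext);
                byte[] output = encryptor.TransformFinalBlock(input, 0, input.Length);
                return Convert.ToBase64String(output);
            }
        }
    }

    public static void Main()
    {
        // Read from stdin so the password does not land in shell history.
        Console.Error.Write("DB password: ");
        string password = Console.ReadLine() ?? "";

        byte[] key = new byte[32];
        byte[] iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(key);
            rng.GetBytes(iv);
        }

        Console.WriteLine("Value for DapperIdentity:Password in appsettings.json:");
        Console.WriteLine("  " + Encrypt(password, key, iv));
        Console.WriteLine("Run in the project directory to keep Key and IV out of the file:");
        Console.WriteLine("  dotnet user-secrets set \"DapperIdentityCryptography:Key\" \""
            + Convert.ToBase64String(key) + "\"");
        Console.WriteLine("  dotnet user-secrets set \"DapperIdentityCryptography:IV\" \""
            + Convert.ToBase64String(iv) + "\"");
    }
}
```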