Apps on Azure Blog

Easily deploy .NET apps to Azure Container Apps with default configuration for data protection

JiachenJiang, Microsoft
Jul 29, 2024

The Azure Container Apps and .NET teams have made it easier than ever to deploy your .NET application by supporting automatic configuration for data protection. This support is currently available as an opt-in feature in the Container Apps API version 2024-02-02-preview.

 

This blog post will discuss the feature and what it enables, how to determine if your application is correctly configured, and how to enable configuration for data protection across a variety of .NET versions.

 

What is data protection?

 

Many ASP.NET Core apps rely on a feature called data protection, a cryptographic API that protects data and handles key management and rotation. By default, it requires additional configuration in both Azure and application code to function correctly when hosted in Container Apps.

 

If data protection isn’t configured, the application will appear to function correctly but will experience bugs when the application scales out to multiple replicas.

 

For detailed information about the data protection feature, read here.

 

Configuring data protection for your .NET Application

 

The process of configuring the data protection feature varies depending on the version of .NET you are using.

 

.NET Aspire

 

Aspire applications deployed using the Azure Developer CLI (azd) will have data protection configured by default.

 

.NET 8 and up

 

If you are using ASP.NET Core v9.0.0-preview.2.24128.4 or later, or ASP.NET Core v8.0.4 or newer, you can configure data protection using ARM and Bicep.

This is done by turning on the new `autoConfigureDataProtection` property, which allows ASP.NET Core data protection keys to be automatically managed by the platform.
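
The opt-in described above, as a Bicep sketch. This is an added example, not code from the original post: the app name, parameters, port, and replica counts are placeholders, and the property is shown under `configuration.runtime.dotnet`, where the 2024-02-02-preview schema defines it.

```bicep
// Added example: names, parameters, port and replica counts are placeholders.
param location string = resourceGroup().location
param environmentId string // resource ID of an existing Container Apps environment (assumed)
param image string         // image running ASP.NET Core 8.0.4 or newer (assumed)

resource app 'Microsoft.App/containerApps@2024-02-02-preview' = {
  name: 'my-dotnet-app' // placeholder name
  location: location
  properties: {
    environmentId: environmentId
    configuration: {
      ingress: {
        external: true
        targetPort: 8080 // assumed listening port of the container
      }
      runtime: {
        dotnet: {
          // Opt in: the platform manages the ASP.NET Core data protection keys,
          // so every replica uses the same key ring.
          autoConfigureDataProtection: true
        }
      }
    }
    template: {
      containers: [
        {
          name: 'web'
          image: image
        }
      ]
      scale: {
        // More than one replica is the case where unshared keys cause failures.
        minReplicas: 2
        maxReplicas: 5
      }
    }
  }
}
```

The API version in the resource type must be 2024-02-02-preview or one that still carries this preview property; older API versions reject it.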

 

.NET 7 and under

 

If you are using an ASP.NET Core version lower than those described above, you will have to configure data protection manually. We recommend upgrading to one of the supported .NET versions or doing so using ARM.

 

Next Steps

 

Congratulations, you have now ensured that your .NET application has data protection correctly configured and will scale to multiple replicas without issue!

 

Want to learn more? You can...

 

 

Updated Jul 29, 2024
Version 2.0
  • vRune4

    I currently store dp keys in a storage account. Can I enable `autoConfigureDataProtection` and also add my old keys? (Or: What would that configuration look like?)

    I'm guessing that if my startup code doesn't configure anything dp-related at all, and I set autoConfigureDataProtection it will be enough to get DP rolling (but old keys will not be honored).