File system storage

David Lievrouw edited this page Dec 19, 2025 · 3 revisions

This page describes the use of the File System Storage strategy.

Prerequisites

The FileSystemClientStore and FileSystemNonceStore are included in the Dalion.HttpMessageSigning.Verification.FileSystem package. Install it into your .NET Core or .NET Framework project:

dotnet add package Dalion.HttpMessageSigning.Verification.FileSystem

or

PM> Install-Package Dalion.HttpMessageSigning.Verification.FileSystem

Client store configuration

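Register the FileSystemClientStore in your IoC container to use it instead of the default InMemoryClientStore:

public void ConfigureServices(IServiceCollection services) {
    services
        .AddHttpMessageSignatureVerification()
        .UseFileSystemClientStore(provider => new FileSystemClientStoreSettings {
            // File that holds the registered Clients
            FilePath = System.IO.Path.Combine(@"\\state-server\webapp", "Clients.xml"),
            // How long Clients are cached in memory before the file is read again
            ClientCacheEntryExpiration = TimeSpan.FromMinutes(3),
            // Sample value only: supply the real key from configuration or a secret store, not from source code
            SharedSecretEncryptionKey = "The_Big_S3cr37"
        });
}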

The ClientCacheEntryExpiration property specifies the amount of time that Clients are cached in memory. During that time, the file is not queried when verifying signatures. You can disable in-memory caching by setting this property to TimeSpan.Zero.

The SharedSecretEncryptionKey property specifies the symmetric key to use when encrypting the HMAC key for storage in the file. To disable HMAC key encryption, omit this setter, or specify SharedSecretEncryptionKey.Empty. This setting has no effect on storing Clients that use RSA or ECDsa signature algorithms: for those, only the public key is stored server-side, and is... you know... public.

There are a number of convenience overloads to the UseFileSystemClientStore method. Use the one that suits your needs.
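
The registration above with the key taken from configuration instead of a string literal, as an added example that is not code from the project or its wiki. It fails at startup when the key is missing, so the store is never set up without HMAC key encryption by accident. Assumptions: the configuration key names are hypothetical, `provider` is the `IServiceProvider`, `IConfiguration` is registered in the container, and the Dalion namespaces follow the package names.

```csharp
using System;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// Assumed namespaces, derived from the package names
using Dalion.HttpMessageSigning.Verification;
using Dalion.HttpMessageSigning.Verification.FileSystem;

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services
            .AddHttpMessageSignatureVerification()
            .UseFileSystemClientStore(provider => {
                // Assumption: IConfiguration is registered (the default ASP.NET Core host does this)
                var config = provider.GetRequiredService<IConfiguration>();

                // Hypothetical key names; back them with environment variables,
                // user secrets or a vault-based configuration provider
                var filePath = config["HttpMessageSigning:ClientStore:FilePath"];
                var encryptionKey = config["HttpMessageSigning:ClientStore:EncryptionKey"];

                if (string.IsNullOrWhiteSpace(filePath)) {
                    throw new InvalidOperationException(
                        "The client store file path is not configured.");
                }

                // Refuse to start without a key rather than continue
                // with HMAC key encryption unintentionally switched off
                if (string.IsNullOrWhiteSpace(encryptionKey)) {
                    throw new InvalidOperationException(
                        "The client store encryption key is not configured.");
                }

                return new FileSystemClientStoreSettings {
                    FilePath = filePath,
                    ClientCacheEntryExpiration = TimeSpan.FromMinutes(3),
                    // Same string-to-key assignment as in the snippet above
                    SharedSecretEncryptionKey = encryptionKey
                };
            });
    }
}
```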

Nonce store configuration

Register the FileSystemNonceStore in your IoC container to use it instead of the default InMemoryNonceStore:

public void ConfigureServices(IServiceCollection services) {
    services
        .AddHttpMessageSignatureVerification()
        .UseFileSystemNonceStore(provider => new FileSystemNonceStoreSettings {
            FilePath = System.IO.Path.Combine(@"\\state-server\webapp", "Nonces.xml")
        });
}

There are a number of convenience overloads to the UseFileSystemNonceStore method. Use the one that suits your needs.

Note

The FileSystemNonceStore should be used with caution. When it is used, there will be quite a lot of thread contention for the Nonces file. For high-load environments, we recommend that you use an alternative that allows simultaneous access to the nonce store, e.g. a database solution like MongoDB or SQL Server. We recommend using the file system-based nonce store only for proofs of concept or low-load applications.

Samples

A sample is available in the repository source: ASP.NET Core web application (.NET 10.0)