0

We have a microservices architecture made of .NET 4.6.1 Web APIs that all use the same machineKey in their web.config files, which is required for them to be able to communicate. They are all deployed to in-house company servers. We want to start using .NET Core 2 for new Web APIs, but .NET Core Web APIs use the new Data Protection API, which doesn't use the machineKey anymore, but uses a shared key file. So my question is:

How can we create a new .NET Core 2 Web API and add it to our existing .NET 4.6.1 microservices architecture, and get them communicating using the machineKey that they already use?

Gary

1 Answer

0

After much research I have come to the conclusion that this cannot be achieved, because .NET Core 2 APIs do not support machineKey encryption. So, I retrofitted our .NET 4.6 APIs with the .NET Core Data Protection API and configured them to use the same keyset. Then in our .NET Core APIs I configured the Data Protection APIs to use the same keyset as the .NET 4.6 APIs. Then I created authentication middleware for our .NET Core 2.1 APIs that decrypted the access tokens and created claims.

Here's a good article about replacing the machineKey in ASP.NET with Data Protection API: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/compatibility/replacing-machinekey?view=aspnetcore-2.1

Here's a good thread about creating ASP.NET Core 2 Middleware: ASP.NET Core 2.0 authentication middleware

Gary
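The shared keyset setup the answer describes, as an added example (not the answerer's code), shown in one listing although the pieces live in two projects. The application name, UNC key directory and certificate thumbprint are placeholders, and the .NET Framework side assumes the `Microsoft.AspNetCore.DataProtection.SystemWeb` package from the linked article.

```csharp
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.SystemWeb; // .NET Framework project only
using Microsoft.Extensions.DependencyInjection;

// Linked into both projects so the two sides cannot drift apart.
// Payloads only decrypt across services when all three settings match.
public static class SharedKeyRing
{
    // Assumptions: constructed placeholder values, replace with your own.
    public const string ApplicationName = "contoso-microservices";
    public const string KeyDirectory = @"\\keyserver\dp-keys\";
    public const string CertThumbprint = "<THUMBPRINT-PLACEHOLDER>";

    public static void Configure(IServiceCollection services)
    {
        services.AddDataProtection()
            // Same name on every service, otherwise each app gets isolated keys.
            .SetApplicationName(ApplicationName)
            // One key ring location readable by every service account.
            .PersistKeysToFileSystem(new DirectoryInfo(KeyDirectory))
            // Encrypt keys at rest; the certificate and its private key
            // must be installed on every host that reads the key ring.
            .ProtectKeysWithCertificate(CertThumbprint);
    }
}

// --- .NET Framework 4.6.1 Web API ---
// In web.config, inside <system.web>, the <machineKey> element becomes:
//   <machineKey compatibilityMode="Framework45"
//     dataProtectorType="Microsoft.AspNetCore.DataProtection.SystemWeb.CompatibilityDataProtector, Microsoft.AspNetCore.DataProtection.SystemWeb" />
public class FrameworkDataProtectionStartup : DataProtectionStartup
{
    public override void ConfigureServices(IServiceCollection services)
    {
        SharedKeyRing.Configure(services);
    }
}

// --- ASP.NET Core 2.x Web API ---
public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        SharedKeyRing.Configure(services);
        services.AddMvc();
    }
}
```

Restrict the ACL on the key directory to the service accounts that run these APIs, since anyone who can read the key ring and use the certificate can decrypt or forge protected payloads.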