Privacy in .NET Core
.NET Core is designed with privacy as a core principle. The platform provides features and guidance to help you build applications that respect user data, comply with regulations, and maintain transparency.
Key Privacy Features
- Data Protection API – Encrypts sensitive data at rest and in transit.
- GDPR Compliance Guidance – Built‑in support for data subject access requests and data erasure.
- Cookie Policy Middleware – Simplifies consent management for web applications.
- Telemetry Opt‑Out – Developers can disable data collection for the runtime.
Data Protection API
The Data Protection API (DPAPI) offers a simple, high‑level API for cryptographic operations. Below is a minimal example of configuring DPAPI in an ASP.NET Core app.
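    using System.IO;
    using Microsoft.AspNetCore.DataProtection;
    using Microsoft.Extensions.DependencyInjection;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDataProtection()
            // Keys written here are not encrypted at rest unless a ProtectKeysWith* option is also configured.
            .PersistKeysToFileSystem(new DirectoryInfo(@"./keys"))
            // Apps that must read each other's protected payloads need the same application name.
            .SetApplicationName("MyApp");
    }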
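Consuming the configured key ring, as an added example that is not code from the original page or from the .NET project: a purpose-scoped, time-limited protector that issues a token and rejects tampered, expired or mismatched input. `ErasureTokenService`, the purpose string and the sample ids are hypothetical, and the demo uses an in-memory `EphemeralDataProtectionProvider` so it runs outside the app.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// Hypothetical service; the class name and purpose string are assumptions.
public sealed class ErasureTokenService
{
    private readonly ITimeLimitedDataProtector _protector;

    public ErasureTokenService(IDataProtectionProvider provider)
    {
        // The purpose string isolates this protector from payloads protected under any other purpose.
        _protector = provider
            .CreateProtector("MyApp.Privacy.ErasureToken.v1")
            .ToTimeLimitedDataProtector();
    }

    // Issue an opaque, tamper-evident token bound to one user id.
    public string Issue(string userId, TimeSpan lifetime) =>
        _protector.Protect(userId, lifetime);

    // True only if the token is authentic, unexpired, and was issued for expectedUserId.
    public bool TryValidate(string token, string expectedUserId)
    {
        if (string.IsNullOrEmpty(token)) return false;
        try
        {
            string userId = _protector.Unprotect(token, out DateTimeOffset _);
            return string.Equals(userId, expectedUserId, StringComparison.Ordinal);
        }
        catch (CryptographicException)
        {
            // Tampered, expired, wrong purpose, or key no longer in the key ring.
            return false;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // In-memory keys for the demo only; the app injects the provider registered in ConfigureServices.
        var tokens = new ErasureTokenService(new EphemeralDataProtectionProvider());
        string token = tokens.Issue("user-123", TimeSpan.FromMinutes(15)); // constructed sample id
        Console.WriteLine(tokens.TryValidate(token, "user-123"));       // matching user
        Console.WriteLine(tokens.TryValidate(token, "user-456"));       // different user
        Console.WriteLine(tokens.TryValidate(token + "x", "user-123")); // modified token
    }
}
```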
GDPR Support
Use the Microsoft.AspNetCore.Http extensions to handle data‑subject requests. Example:
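    [HttpPost("api/user/erase")]
    public async Task<IActionResult> EraseUserData([FromBody] EraseRequest request)
    {
        // request.UserId comes from the request body: verify that the authenticated
        // caller is allowed to erase this account before deleting anything.
        await _userService.DeleteUserAsync(request.UserId);
        return NoContent();
    }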
Cookie Consent Middleware
Add the middleware to enforce cookie consent:
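    app.UseCookiePolicy(new CookiePolicyOptions
    {
        MinimumSameSitePolicy = SameSiteMode.Strict,
        Secure = CookieSecurePolicy.Always,
        HttpOnly = HttpOnlyPolicy.Always,
        // Require consent on every request; cookies not marked essential are withheld until the user consents.
        CheckConsentNeeded = context => true
    });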
Telemetry Opt‑Out
Disable runtime telemetry by setting an environment variable or using the runtimeconfig.json file:
    {
      "runtimeOptions": {
        "configProperties": {
          "System.GC.Server": true,
          "Microsoft.NETCore.DotNetHostPolicy.DisableTelemetry": true
        }
      }
    }
Further Reading
For any privacy‑related questions, please visit the Community Forum or open an issue on GitHub.