Improvements for Offline File Cache

[zhenlan]

When managed identity (or any AAD authentication) is used to connect to App Configuration, the user need to provide Key, IV and SignKey as part of OfflineFileCacheOptions.

We should allow OfflineFileCache used with AAD auth but throw a more helpful exception when the above condition is detected.

AppConfiguration-DotnetProvider/src/Microsoft.Extensions.Configuration.AzureAppConfiguration/OfflineFileCache.cs

Line 247 in de3fc18

if (azconfigOptions.ConnectionString == null)

See Azure/AppConfiguration#101 for more details fo the discussion.

[abhilasharora]

If the user connects to the App Configuration store using a connection string and specifies one or two (not all) of the three parameters Key, IV and SignKey, we can handle it in several ways.

1. Use the connection string for encryption and ignore the user specified options. This allows the offline cache to work with auto-generated values for all parameters based on connection string.
2. Throw an error that either all three or none of the options should be set. Since the user's intention here might be to use custom parameters for encryption, it lets the user know that all three are required, and fails if partial input is provided.
3. Use the user-specified values for encryption parameters that were specified, and auto-generate the remaining parameter values from the connection string. This ensures that the user-specified values are actually used, and the ones that were skipped are auto-generated.

@zhenlan @MSGaryWang @jimmyca15
Which of these approaches do you think is better? I prefer the last one.

[abhilasharora]

Here is a summary of the issues and proposed changes for the offline cache based on my discussion with @drago-draganov and @jimmyca15. The current plan is to address these issues together as a breaking change in the 4.0.0 release for the configuration provider, instead of fixing some of these partially in our next 3.0.1 release. Let me know if I missed anything.

Issues with Current Implementation

1. We do not support offline cache to be used if a connection string is not being used to connect to the configuration store.
2. The encryption and signing key parameters are optional. If these are not set, we auto-generate these from the connection string. This is a bad practice since the connection string is not meant to be used for the purpose of encryption or signing.
3. In the default scenario, we use the same auto-generated key for encryption as well as signing. Using a separate key should allow us to spread the risk in case one of the keys is compromised and improve the security of the data.
4. We expose IV (initialization vector) as a public property in OfflineFileCacheOptions to be overridden by the user. This is an internal implementation detail that could be hidden from the user and simplify the public interface.
5. We attempt to load the offline cache when we fail to fetch the key-values from the configuration store during initial load or refresh all scenario even when the server returns a 401 (Unauthorized) or 403 (Forbidden) status code. In this case, we should clear the offline cache since the user no longer has access to the store.

Additional Feature Improvements to Offline Cache

1. Allow users to specify the encryption algorithm to use to encrypt the data (currently SHA256).
2. Allow configuration refresh to also update the offline cache.
3. Set up offline cache to expire after N days and allow users to configure TTL for the cache.
4. Update initial configuration load to retrieve settings from the offline cache before updating them with the configuration store for improved development experience.

Offline File Cache Format

{
    "enc_data" : "...",
    "enc_algorithm": "sha256",
    "data_hash": "...",
    "scope": "...",
    "timestamp": "...",
    "signature": "..."
}

var string_to_sign = enc_data + "\n" + "enc_algorithm" + "\n" + data_hash + "\n" + scope + "\n" + timestamp;
var signature = base64(HMAC(string_to_sign, sign_key));

[bvirkler]

Any updates on this? Did it make it into the 4.0 release?

[zhenlan]

This didn't make it into the 4.0 release. We are working on a redesign of the feature. It involves a bit more work. We didn't want to hold the 4.0 release for this.

[avanigupta]

Hi @bvirkler, we are evaluating how Offline Cache is used in different applications. Could you please help us understand the problem you are trying to solve by using Offline Cache?

[bvirkler]

We're using App Configuration for apps hosted on-premises. We wanted to use offline cache to minimize the impact of a loss of connectivity to Azure.

[avanigupta]

We decided to completely remove offline caching capabilities. Please see this announcement for more details: Azure/AppConfiguration-Announcements#20