The New Data Protection Features of .NET 8 (GDPR)

Captions
Hello everybody, I'm Nick, and in this video I'm going to show you a brand new feature added in .NET 8 that allows you to implement compliance and data protection rules in your .NET applications very, very easily. This applies to anyone doing anything with C# and .NET, and in this video I'm going to show you exactly what it is, how it works, how you can customize it, how easy it is, and also how important it is to implement in your applications. If you like this type of content and you want to see more, make sure you subscribe. For more training, check out my courses on dometrain.com.

Okay, let me show you what I have here. I have this API over here and all it really has is a customers POST endpoint, and then we have a logger and we accept a customer that, assume, is being created in some service. Assume that we inject the customerService.Create and we pass down the customer, sort of thing. But just to save time, because the whole feature is not there, what I'm going to do is just fake the call and only have an API that just does the thing: logs something and then returns the customer, to sort of imitate something that would create a customer. If we want to be more accurate we would return a 201 Created, but that is fine for what we're doing.

Now what I'm going to do is just call this endpoint, and as you're going to see, we have this endpoint where we call POST on customers with this body and we pretend we create the customer. As you're going to see over here, we had this in .NET 7: I'm able to pass down in my log an object, and then I can pass down the object itself, and because in this case the object is a record, it's going to be deconstructed and we're going to see the values of this record. But if this record was actually a class, and this is actually not quite the same thing, so let me just quickly turn this into a class. This was using primary constructors, which is actually a property behind the scenes for records, but they can be fields or just constructor parameters for classes, so let me just quickly change that. So now with this in place, if I go ahead and I run this, then as you're going to see, I'm going to still get the same functionality, but because it's using the ToString method of the object, all I'm going to get is the object type itself, nothing really in terms of the content. Let me just quickly revert this back to a record. When you're logging in your application, you're actually logging for the extended or expanded version of an object when you pass it here, not really the ToString method.

So what was added in .NET 8, and this is on top of what I'm going to show you in terms of compliance and data protection, is the following. We can go on NuGet and we can search for Microsoft.Extensions.Telemetry, so I'm going to go ahead and just add this. Now, if you're using the built-in logger in Microsoft, you should really be using the source-generated version whenever you can, and this actually lends itself very nicely to this use case. I should point out, by the way, that I could say, for example, customer name and then expand the customer name and so on, but it's way easier to just pass the object itself. So what I'm going to do is create a new logging class and turn this into a static partial class, and then what I'm going to do is create a public static partial void LogCustomerCreated that is an extension method on the ILogger and it accepts a customer to help me log it. Now, to use a source generator, all I'm going to say is LoggerMessage. I'm going to specify the criticality of the message, so in this case it's just Information, and I'm also going to specify the message template, in this case "Customer created". Now, I'm not going to say customer here, not going to do any of that at all. Instead I'm just going to say "Customer created".

Now, what we have by adding this new NuGet package is the following: I can now use in this method the LogProperties attribute, and by doing that and using this method now to log, instead of having a logger.LogInformation, I can say logger.LogCustomerCreated, pass my customer. I still have the same logging logic, but when I call this endpoint now, what I can see here is, well, nothing really, but that's only because the logging provider I'm using doesn't allow me to see any of the properties behind the scenes. So if I go and I say builder.Logging.ClearProviders and then I say builder.Logging.AddJsonConsole, which will allow me to see the captured parameters, then when I run this, watch what happens. What I have here, in fact, let me just customize it a bit so we can actually see this even better. Here we go. If I just have the JSON writer over here and I change it and then I rerun this application, as you're going to see, it's going to be an expanded version, and now I don't only have the message, which is "Customer created", with all of these parameters and the original format, but I also capture individually each property of the type, no matter if the type is a record or just a class. I could go back here, I could turn this back into a class, and this would still work. So this is a very nice and convenient feature when you're logging and you want to capture all the properties within an object. Very, very nice.

However, here's the problem. This customer object has things like name, email, date of birth, ID. All of these things could be PII data or sensitive data, and you might want to sanitize them in some way, you might want to redact them, you might not want to just push them into your logging provider as they are. Many companies have policies that should prevent that, and in my case, working in finance, I had to do this. We have to sanitize a lot of that data and maybe just keep some IDs that don't necessarily allow us to cross-match data, maybe introduce encryption or hashing, or maybe partially sanitize the data where you just remove some of the characters and you add stars. Now, this has been possible in logging providers like Serilog, but the built-in logger didn't really have support, and Serilog's performance when you introduce those sanitizers wasn't really great. So in .NET 8 we got a way to do this on the built-in logger, and it is amazing. Let me show you.

Now, before I move on, I'd like to let you know we just launched our second clean architecture course on Dometrain, called Deep Dive: Clean Architecture in .NET, and it's again expertly delivered by Microsoft engineer Amichai Mantinband, who also has a YouTube channel and he's also running clean architecture training for Microsoft employees within Microsoft. This is a unique opportunity to learn how to build applications using clean architecture by someone who writes code for technologies like Teams, PowerPoint and Word, and his code is used by millions of users every month. Not only did we launch this course, which is a follow-up to the Getting Started we already have, but now both courses are bundled into a From Zero to Hero: Clean Architecture in .NET bundle, which also has a permanent 20% discount, so if you want to buy both, that's the best value you're going to find. Now, to celebrate the launch, I'd like to offer the first 500 of you a 20% discount on this brand new course, so check the link in the description and use code CLEAN20 at checkout. This is by far the best clean architecture course you're going to find out there, everything updated to the latest .NET with the latest practices by someone who's actually practicing what he's teaching in one of the biggest companies in the world, so don't miss this opportunity. Now, back to the video.

Okay, so to add it, first we have to go on NuGet and we have to search for Microsoft.Extensions.Compliance, and we're going to add the full package, we're not going to add the Abstractions, and it's the Compliance.Redaction that we want. I'm going to go ahead and just add it, and now the first thing I want to do is go up here and say builder.Logging.EnableRedaction. There's also EnableEnrichment, that is for a different video, we're going to focus on redaction for now. Then what I'm going to say is builder.Services.AddRedaction. Now, we're going to have to do some customization here, but before we customize our settings in this redaction method, we need to specify a few things, namely the taxonomy of the redaction we want to do: how we classify our data and how we deal with differently classified data. What is sensitive, what is PII, what happens in each case, do you have a custom category as well? You have full control over this. The API Microsoft is providing is very open.

So the first thing I'm going to do is I'm going to create a new class and I'm going to call that DataTaxonomy. Now I'm going to turn this into a static class, and in here I'm going to store all my different taxonomies for my data. Now, first I'm going to just cast the taxonomy name over here, I'm going to get that from the full name of the type, and then I'm going to create a public static DataClassification struct. In the first case I'm going to have SensitiveData, and that's going to be a new DataClassification of taxonomy name and then the name of the property itself, so SensitiveData, and then another one of those, I'm going to call it PiiData, and that's going to go here as well, and that is it. Now I have my taxonomy. You can add more or less, you can choose to customize this any way you want.

Now, because we're going to be applying those through attributes, what I'm also going to do is create a couple of those. So first I'm going to say SensitiveDataAttribute, and that is going to extend the DataClassificationAttribute. In fact, we're going to override the missing member, which is actually the constructor. We're going to say this is a parameterless constructor and we're going to call the DataTaxonomy.SensitiveData over here. We're going to do the same thing exactly for the PII data, so PII, personally identifiable data, set it here as well, and then PiiData, and that is it.

So I'm going to go back into my Program.cs and now I'm going to use that taxonomy in those settings. To register those, what I want to do is say x. and I'm going to SetRedactor. I'm going to set the ErasingRedactor, which is a built-in one, and what this one allows me to do is say new DataClassificationSet, and I'm going to use the DataTaxonomy.SensitiveData. So if you see sensitive data, erase it. Not mask it, no, just erase it completely. And then, just to also use the other available one, what I'm going to say is x.SetHmacRedactor, which, HMAC is a hash function, so we're going to hash the value that is going to go into the log. Then I'm going to have some options over here, and the ones I have to set first is, of course, the key. Because there's hashing going on, we're going to have a key. Obviously store this securely in some secrets manager service. For now I'm just going to have it in the Program.cs so you can grab the code from the description and play around with it if you want to, but really this should be stored and loaded securely. I have videos on how to do that, so I'm not going to focus on that for now. All I'm going to say is Convert.ToBase64String and then I'm just going to say "secret key, don't hard code, instead store and load securely". Then the other thing I need is a key ID. Now, the key ID is literally an identifier of the key and it is used as a prefix to the value I'm hashing. This is all going to make sense, but the idea is that whenever you see a sanitized piece of data that starts with, in this case, this random number, then what's going to happen is you're going to say, oh, this was hashed with this key, I can use the same key to get the same value if I need to. Now, all that again will need to be applied to a classification set, so I'm going to say DataTaxonomy.PiiData, and that is it.

Now I can go to the thing I want to sanitize in my logs, in this case the customer, and I'm going to say, just for argument's sake, that the name is actually sensitive data, so I'm going to use the attribute, and in fact I have to make the constructor public for that, and then I'm going to have the PII data, same thing as before, public constructor on the attributes I created. Now, one thing before I run the application: this HMAC method is actually tagged as experimental, so we're going to have to shut this one down. Let's do that by saying disable this warning, and I'm going to go ahead and just run this. As you're going to see, if I go and call this endpoint, what you see now is the name not being in the logs at all. It's being completely removed because we're using the erasing redactor that just erases it, and then the email has been hashed using HMAC and the key we provided, and also the value is prepended, or it has a prefix, of the ID, the key ID we gave to this specific type of redactor, so in this case the PII data.

Now, one of the most common questions you might have seeing this is: can I make my own redactor? Because erasing it is fine, and then maybe hashing is fine as well, but how about I just have an email and I put some stars, or I convert the whole email to stars, or whatever I want? Well, you can actually do that. I'm going to go and create a new class and I'm going to say StarRedactor over here. I'm going to extend the Redactor class, and the only two members I have are Redact and GetRedactedLength. Now, I'm going to keep this very, very simple, so all I'm going to say in the length, which should be the final length of the redacted thing, is input.Length, so I'm going to use the length of the incoming piece of data, and then I'm just going to add stars instead of having the value. But you have both the source and the destination, which is the span you're going to write into to basically return something to the user. So all I'm going to say here is destination.Fill with stars and then return destination.Length, and that is it.

Now I can go back to the Program.cs and I'm going to say do not use the erasing redactor for this data, instead use the StarRedactor. So if I do that for the sensitive data, again, sensitive data in this case is the name, what's going to happen when I call this endpoint is you're going to see it full of stars instead of seeing these characters. Of course, you have full control over the thing you're writing into, so if you wanted this destination to be something else, then you could, you can change it in any way you want. Microsoft has given control over this. Now, this is also available for the new TagProvider, but that is a story for a different video. All I want to show you in this video is how you can get started with this new piece of data, and I know many, many people have hand-rolled their own version of this, but from what I've seen, and especially with the performance we're getting because spans are used everywhere here, this is what you should be using if you're sanitizing data. Microsoft, I'm sure, will build this even more going forward, so please give it a go, code in the description, and let me know what you think. Well, that's all I had for you. Thank you very much for watching, and as always, keep coding.
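
Added example, not code from the video: a minimal Program.cs that assembles the pieces the captions describe (taxonomy, classification attributes, source-generated log method, custom star redactor). It assumes a .NET 8 web project referencing Microsoft.Extensions.Telemetry and Microsoft.Extensions.Compliance.Redaction; the Customer shape and the CustomerLog class name are assumptions, and ErasingRedactor stands in for the experimental HMAC redactor on PiiData.

```csharp
using Microsoft.Extensions.Compliance.Classification;
using Microsoft.Extensions.Compliance.Redaction;

var builder = WebApplication.CreateBuilder(args);
builder.Logging.ClearProviders();
builder.Logging.AddJsonConsole();  // JSON output shows each captured property
builder.Logging.EnableRedaction(); // route classified properties through redactors
builder.Services.AddRedaction(x =>
{
    x.SetRedactor<StarRedactor>(new DataClassificationSet(DataTaxonomy.SensitiveData));
    x.SetRedactor<ErasingRedactor>(new DataClassificationSet(DataTaxonomy.PiiData));
});
var app = builder.Build();
app.MapPost("/customers", (Customer customer, ILogger<Program> logger) =>
{
    logger.LogCustomerCreated(customer); // Name is starred, Email is erased
    return Results.Ok(customer);
});
app.Run();
// Assumed shape of the customer type; only the classification attributes matter.
public class Customer
{
    [SensitiveData] public string Name { get; set; } = "";
    [PiiData] public string Email { get; set; } = "";
}
public static class DataTaxonomy
{
    public static string TaxonomyName => typeof(DataTaxonomy).FullName!;
    public static DataClassification SensitiveData => new(TaxonomyName, nameof(SensitiveData));
    public static DataClassification PiiData => new(TaxonomyName, nameof(PiiData));
}
public sealed class SensitiveDataAttribute : DataClassificationAttribute
{ public SensitiveDataAttribute() : base(DataTaxonomy.SensitiveData) { } }
public sealed class PiiDataAttribute : DataClassificationAttribute
{ public PiiDataAttribute() : base(DataTaxonomy.PiiData) { } }
public static partial class CustomerLog // hypothetical name for the logging class
{
    [LoggerMessage(LogLevel.Information, "Customer created")]
    public static partial void LogCustomerCreated(this ILogger logger, [LogProperties] Customer customer);
}
public sealed class StarRedactor : Redactor
{
    public override int GetRedactedLength(ReadOnlySpan<char> input) => input.Length;
    public override int Redact(ReadOnlySpan<char> source, Span<char> destination)
    {
        destination[..source.Length].Fill('*'); // one star per input character
        return source.Length;                   // must match GetRedactedLength
    }
}
```

Slicing the destination to the source length keeps the number of characters written equal to what GetRedactedLength reported, even if the caller hands over a larger buffer.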
Info
Channel: Nick Chapsas
Views: 44,400
Keywords: Elfocrash, elfo, coding, .netcore, dot net, core, C#, how to code, tutorial, development, software engineering, microsoft, microsoft mvp, .net core, nick chapsas, chapsas, dotnet, .net, c#, .net 8, data compliance, data compliance .net, data compliance logs, logs .net 8, data redaction, log redaction
Id: rK3-tO7K6i8
Length: 14min 9sec (849 seconds)
Published: Thu Dec 21 2023