Use protected configuration provider instead of reflection (WITHOUT DI) (#8132)

Address #8121
Related to https://github.com/NuGet/Engineering/issues/3206

Author: joelverhagen

src/NuGetGallery.Services/Configuration/ConfigurationService.cs

@@ -14,6 +14,7 @@
 using Microsoft.WindowsAzure.ServiceRuntime;
 using NuGet.Services.Configuration;
 using NuGet.Services.KeyVault;
+using NuGetGallery.Configuration.SecretReader;
 
 namespace NuGetGallery.Configuration
 {
@@ -40,6 +41,22 @@ public class ConfigurationService : IGalleryConfigurationService, IConfiguration
 
         public ISecretInjector SecretInjector { get; set; }
 
+        /// <summary>
+        /// Initializes the configuration service and associates a secret injector based on the configured KeyVault
+        /// settings.
+        /// </summary>
+        public static ConfigurationService Initialize()
+        {
+            var configuration = new ConfigurationService();
+            var secretReaderFactory = new SecretReaderFactory(configuration);
+            var secretReader = secretReaderFactory.CreateSecretReader();
+            var secretInjector = secretReaderFactory.CreateSecretInjector(secretReader);
+
+            configuration.SecretInjector = secretInjector;
+
+            return configuration;
+        }
+
         public ConfigurationService()
         {
             _httpSiteRootThunk = new Lazy<string>(GetHttpSiteRoot);

src/NuGetGallery/App_Start/DefaultDependenciesModule.cs

@@ -12,7 +12,6 @@
 using System.Net.Http;
 using System.Net.Mail;
 using System.Security.Principal;
-using System.Threading;
 using System.Threading.Tasks;
 using System.Web;
 using System.Web.Hosting;
@@ -58,7 +57,6 @@
 using NuGetGallery.Security;
 using NuGetGallery.Services;
 using Role = NuGet.Services.Entities.Role;
-using SecretReaderFactory = NuGetGallery.Configuration.SecretReader.SecretReaderFactory;
 
 namespace NuGetGallery
 {
@@ -88,18 +86,14 @@ protected override void Load(ContainerBuilder builder)
         {
             var services = new ServiceCollection();
 
-            var configuration = new ConfigurationService();
-            var secretReaderFactory = new SecretReaderFactory(configuration);
-            var secretReader = secretReaderFactory.CreateSecretReader();
-            var secretInjector = secretReaderFactory.CreateSecretInjector(secretReader);
+            var configuration = ConfigurationService.Initialize();
+            var secretInjector = configuration.SecretInjector;
 
             builder.RegisterInstance(secretInjector)
                 .AsSelf()
                 .As<ISecretInjector>()
                 .SingleInstance();
 
-            configuration.SecretInjector = secretInjector;
-
             // Register the ILoggerFactory and configure AppInsights.
             var applicationInsightsConfiguration = ConfigureApplicationInsights(
                 configuration.Current,

src/NuGetGallery/App_Start/GalleryMachineKeyConfigurationProvider.cs

@@ -0,0 +1,69 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Configuration;
+using System.Diagnostics;
+using System.Xml;
+using NuGetGallery.Configuration;
+
+namespace NuGetGallery
+{
+    public class GalleryMachineKeyConfigurationProvider : ProtectedConfigurationProvider
+    {
+        public static IGalleryConfigurationService Configuration { get; set; }
+
+        public override XmlNode Decrypt(XmlNode encryptedNode)
+        {
+            Trace.TraceInformation($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Initializing machine key configuration.");
+
+            var xmlDoc = new XmlDocument();
+            xmlDoc.XmlResolver = null;
+            xmlDoc.AppendChild(xmlDoc.CreateElement(string.Empty, "machineKey", string.Empty));
+
+            // Get the configuration used for fetching the machine key settings. These will be cached for the lifetime
+            // of the process. This is acceptable because this function's outupt is also cached for the duration of the
+            // process by the .NET Framework configuration system.
+            var config = Configuration;
+            if (Configuration == null)
+            {
+                Trace.TraceWarning($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Initializing dedicated configuration service.");
+                config = ConfigurationService.Initialize();
+                Trace.TraceWarning($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Initialized dedicated configuration service.");
+                Configuration = config;
+            }
+
+            // The machine keys are used for encrypting/decrypting cookies used by ASP.NET, these are usually set by IIS in 'Auto' mode. 
+            // During a deployment to Azure cloud service the same machine key values are set on all the instances of a given cloud service,
+            // thereby providing session persistence across different instances in the same deployment slot. However, across different slots(staging vs production)
+            // these session keys are different. Thereby causing the loss of session upon a slot swap. Manually setting these values on role start ensures same
+            // keys are used by all the instances across all the slots of a Azure cloud service. See more analysis here: https://github.com/NuGet/Engineering/issues/1329
+            Trace.TraceInformation($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Checking current gallery configuration.");
+            if (config.Current.EnableMachineKeyConfiguration
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyDecryption)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyDecryptionKey)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyValidationAlgorithm)
+                && !string.IsNullOrWhiteSpace(config.Current.MachineKeyValidationKey))
+            {
+                Trace.TraceInformation($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Using machine key settings from gallery configuration.");
+                xmlDoc.DocumentElement.SetAttribute("decryptionKey", config.Current.MachineKeyDecryptionKey);
+                xmlDoc.DocumentElement.SetAttribute("decryption", config.Current.MachineKeyDecryption);
+                xmlDoc.DocumentElement.SetAttribute("validationKey", config.Current.MachineKeyValidationKey);
+                xmlDoc.DocumentElement.SetAttribute("validation", config.Current.MachineKeyValidationAlgorithm);
+            }
+            else
+            {
+                Trace.TraceInformation($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Gallery configuration does not have custom machine key settings.");
+            }
+
+            Trace.TraceInformation($"[{nameof(GalleryMachineKeyConfigurationProvider)}] Machine key configuration is complete.");
+
+            return xmlDoc.DocumentElement;
+        }
+
+        public override XmlNode Encrypt(XmlNode node)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}

src/NuGetGallery/App_Start/OwinStartup.cs

@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Configuration;
 using System.Linq;
 using System.Net;
 using System.Threading;
@@ -12,7 +13,6 @@
 using System.Web.Http;
 using System.Web.Mvc;
 using Elmah;
-using Microsoft.Extensions.Logging;
 using Microsoft.Owin;
 using Microsoft.Owin.Logging;
 using Microsoft.Owin.Security;
@@ -26,8 +26,6 @@
 using NuGetGallery.Infrastructure;
 using Owin;
 
-using ILoggerFactory = Microsoft.Extensions.Logging.ILoggerFactory;
-
 [assembly: OwinStartup(typeof(NuGetGallery.OwinStartup))]
 
 namespace NuGetGallery
@@ -64,8 +62,19 @@ public static void Configuration(IAppBuilder app)
             var config = dependencyResolver.GetService<IGalleryConfigurationService>();
             var auth = dependencyResolver.GetService<AuthenticationService>();
 
-            // Configure machine key for session persistence across slots
-            SessionPersistence.Setup(config);
+            // Ensure the machine key provider has the shared configuration instance and force the machine key
+            // configuration section to be initialized. This is normally done only when the first request needs the
+            // machine key but we choose to aggressively execute the initialization here outside of the request context
+            // since it is internally awaiting an asynchronous API in a synchronous method. This cannot be done in a
+            // request context because it will cause a deadlock.
+            // 
+            // Note that is is technically possible for some code before this to initialize the machine key (e.g. by
+            // calling an API that uses the  machine key configuration). If this happens, the machine key will be
+            // fetched from KeyVault seperately. This will be slightly slower (two KeyVault secret resolutions instead
+            // of one) but will not be harmful.
+            GalleryMachineKeyConfigurationProvider.Configuration = config;
+            ConfigurationManager.GetSection("system.web/machineKey");
+
             // Refresh the content for the ContentObjectService to guarantee it has loaded the latest configuration on startup.
             var contentObjectService = dependencyResolver.GetService<IContentObjectService>();
             HostingEnvironment.QueueBackgroundWorkItem(async token =>

src/NuGetGallery/App_Start/SessionPersistence.cs

@@ -125,12 +125,12 @@
   </ItemGroup>
   <ItemGroup>
     <Compile Include="ActionName.cs" />
+    <Compile Include="App_Start\GalleryMachineKeyConfigurationProvider.cs" />
     <Compile Include="App_Start\LatestVersionRouteConstraint.cs" />
     <Compile Include="App_Start\NuGetODataV2FeedConfig.cs" />
     <Compile Include="App_Start\NuGetODataV1FeedConfig.cs" />
     <Compile Include="App_Start\NuGetODataConfig.cs" />
     <Compile Include="App_Start\StorageDependent.cs" />
-    <Compile Include="App_Start\SessionPersistence.cs" />
     <Compile Include="App_Start\WebApiConfig.cs" />
     <Compile Include="App_Start\AutofacConfig.cs" />
     <Compile Include="Areas\Admin\Controllers\ApiKeysController.cs" />

src/NuGetGallery/NuGetGallery.csproj

@@ -18,6 +18,11 @@
     <section name="dataCacheClients" type="Microsoft.ApplicationServer.Caching.DataCacheClientsSection, Microsoft.ApplicationServer.Caching.Core" allowLocation="true" allowDefinition="Everywhere"/>
     <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
   </configSections>
+  <configProtectedData>
+    <providers>
+      <add name="GalleryMachineKeyConfigurationProvider" type="NuGetGallery.GalleryMachineKeyConfigurationProvider, NuGetGallery"/>
+    </providers>
+  </configProtectedData>
   <appSettings>
     <!-- If you're running in Azure, we suggest you set these in your .cscfg file. -->
     <!-- ******************* -->
@@ -354,6 +359,9 @@
       <error statusCode="500" redirect="~/App_500.aspx"/>
     </customErrors>
     <sessionState mode="Off"/>
+    <machineKey configProtectionProvider="GalleryMachineKeyConfigurationProvider">
+      <EncryptedData/>
+    </machineKey>
   </system.web>
   <system.webServer>
     <tracing>