IntelliTect
diff --git a/‎.github/workflows/Build-Test-And-Deploy.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/Build-Test-And-Deploy.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Directory.Packages.props‎
Lines changed: 2 additions & 1 deletion b/‎Directory.Packages.props‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎EssentialCSharp.Web/Areas/Identity/Data/EssentialCSharpWebContext.cs‎
Lines changed: 5 additions & 4 deletions b/‎EssentialCSharp.Web/Areas/Identity/Data/EssentialCSharpWebContext.cs‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎EssentialCSharp.Web/DatabaseMigrationService.cs‎
Lines changed: 12 additions & 6 deletions b/‎EssentialCSharp.Web/DatabaseMigrationService.cs‎
Lines changed: 12 additions & 6 deletions
diff --git a/‎EssentialCSharp.Web/EssentialCSharp.Web.csproj‎
Lines changed: 3 additions & 0 deletions b/‎EssentialCSharp.Web/EssentialCSharp.Web.csproj‎
Lines changed: 3 additions & 0 deletions
@@ -169,7 +169,7 @@ jobs:
               AZURE_CLIENT_ID=$AZURECLIENTID HCaptcha__SiteKey=secretref:captcha-sitekey HCaptcha__SecretKey=secretref:captcha-secretkey APPLICATIONINSIGHTS_CONNECTION_STRING=secretref:appinsights-connectionstring \
               AIOptions__Endpoint=secretref:ai-endpoint AIOptions__ApiKey=secretref:ai-apikey AIOptions__VectorGenerationDeploymentName=secretref:ai-vectordeployment AIOptions__ChatDeploymentName=secretref:ai-chatdeployment \
               AIOptions__SystemPrompt=secretref:ai-systemprompt ConnectionStrings__PostgresVectorStore=secretref:postgres-vectorstore-connectionstring \
-              TryDotNet__Origin=$TRYDOTNET_ORIGIN
+              TryDotNet__Origin=$TRYDOTNET_ORIGIN DataProtection__AzureKeyVaultKeyUri=$KEYVAULTURI/keys/dataprotection
 
       - name: Logout of Azure CLI
         if: always()
@@ -266,7 +266,7 @@ jobs:
               AZURE_CLIENT_ID=$AZURECLIENTID HCaptcha__SiteKey=secretref:captcha-sitekey HCaptcha__SecretKey=secretref:captcha-secretkey APPLICATIONINSIGHTS_CONNECTION_STRING=secretref:appinsights-connectionstring \
               AIOptions__Endpoint=secretref:ai-endpoint AIOptions__ApiKey=secretref:ai-apikey AIOptions__VectorGenerationDeploymentName=secretref:ai-vectordeployment AIOptions__ChatDeploymentName=secretref:ai-chatdeployment \
               AIOptions__SystemPrompt=secretref:ai-systemprompt ConnectionStrings__PostgresVectorStore=secretref:postgres-vectorstore-connectionstring \
-              TryDotNet__Origin=$TRYDOTNET_ORIGIN
+              TryDotNet__Origin=$TRYDOTNET_ORIGIN DataProtection__AzureKeyVaultKeyUri=$KEYVAULTURI/keys/dataprotection
 
 
       - name: Logout of Azure CLI
 
@@ -3,7 +3,7 @@
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
     <CentralPackageTransitivePinningEnabled>false</CentralPackageTransitivePinningEnabled>
     <ToolingPackagesVersion>1.1.1.18932</ToolingPackagesVersion>
-    <AccessToNugetFeed>false</AccessToNugetFeed>
+    <AccessToNugetFeed Condition="'$(AccessToNugetFeed)' == ''">false</AccessToNugetFeed>
     <RestoreSources>
       https://api.nuget.org/v3/index.json;
     </RestoreSources>
@@ -19,6 +19,7 @@
     <PackageVersion Include="ContentFeedNuget" Version="$(ToolingPackagesVersion)" />
   </ItemGroup>
   <ItemGroup>
+    <PackageVersion Include="Azure.Extensions.AspNetCore.DataProtection.Keys" Version="1.6.1" />
     <PackageVersion Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" Version="10.0.6" />
     <PackageVersion Include="AspNet.Security.OAuth.GitHub" Version="10.0.0" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.5.0" />
 
@@ -1,16 +1,17 @@
 using EssentialCSharp.Web.Areas.Identity.Data;
+using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 
 namespace EssentialCSharp.Web.Data;
 
-public class EssentialCSharpWebContext(DbContextOptions options) : IdentityDbContext<EssentialCSharpWebUser>(options)
+public class EssentialCSharpWebContext(DbContextOptions<EssentialCSharpWebContext> options)
+    : IdentityDbContext<EssentialCSharpWebUser>(options), IDataProtectionKeyContext
 {
+    public DbSet<DataProtectionKey> DataProtectionKeys { get; set; } = null!;
+
     protected override void OnModelCreating(ModelBuilder builder)
     {
         base.OnModelCreating(builder);
-        // Customize the ASP.NET Identity model and override the defaults if needed.
-        // For example, you can rename the ASP.NET Identity table names and more.
-        // Add your customizations after calling base.OnModelCreating(builder);
     }
 }
@@ -3,14 +3,20 @@
 
 namespace EssentialCSharp.Web;
 
-public class DatabaseMigrationService(IServiceScopeFactory services) : BackgroundService
+/// <summary>
+/// Runs EF Core migrations synchronously in <see cref="StartAsync"/> so the schema
+/// is fully applied before the HTTP server begins accepting traffic. This prevents
+/// race conditions where a request touches the DataProtectionKeys (or Identity) tables
+/// before the migration that creates them has run.
+/// </summary>
+public class DatabaseMigrationService(IServiceScopeFactory services) : IHostedService
 {
-    public IServiceScopeFactory Services { get; } = services;
-
-    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
+    public async Task StartAsync(CancellationToken cancellationToken)
     {
-        using IServiceScope scope = Services.CreateScope();
+        using IServiceScope scope = services.CreateScope();
         EssentialCSharpWebContext context = scope.ServiceProvider.GetRequiredService<EssentialCSharpWebContext>();
-        await context.Database.MigrateAsync(stoppingToken);
+        await context.Database.MigrateAsync(cancellationToken);
     }
+
+    public Task StopAsync(CancellationToken cancellationToken) => Task.CompletedTask;
 }
@@ -29,6 +29,8 @@
 
   <ItemGroup>
     <PackageReference Include="AspNet.Security.OAuth.GitHub" />
+    <PackageReference Include="Azure.Extensions.AspNetCore.DataProtection.Keys" />
+    <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Azure.Monitor.OpenTelemetry.AspNetCore" />
     <PackageReference Include="EssentialCSharp.Shared.Models" />
     <PackageReference Include="HtmlAgilityPack" />
@@ -38,6 +40,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.MicrosoftAccount" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" />
     <PackageReference Include="Microsoft.AspNetCore.Identity.UI" />
+    <PackageReference Include="Microsoft.AspNetCore.DataProtection.EntityFrameworkCore" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Tools">
Original file line number	Diff line number	Diff line change
`@@ -1,16 +1,17 @@`
`1`	`1`	`using EssentialCSharp.Web.Areas.Identity.Data;`
	`2`	`+using Microsoft.AspNetCore.DataProtection.EntityFrameworkCore;`
`2`	`3`	`using Microsoft.AspNetCore.Identity.EntityFrameworkCore;`
`3`	`4`	`using Microsoft.EntityFrameworkCore;`
`4`	`5`
`5`	`6`	`namespace EssentialCSharp.Web.Data;`
`6`	`7`
`7`		`-public class EssentialCSharpWebContext(DbContextOptions options) : IdentityDbContext<EssentialCSharpWebUser>(options)`
	`8`	`+public class EssentialCSharpWebContext(DbContextOptions<EssentialCSharpWebContext> options)`
	`9`	`+ : IdentityDbContext<EssentialCSharpWebUser>(options), IDataProtectionKeyContext`
`8`	`10`	`{`
	`11`	`+ public DbSet<DataProtectionKey> DataProtectionKeys { get; set; } = null!;`
	`12`	`+`
`9`	`13`	`protected override void OnModelCreating(ModelBuilder builder)`
`10`	`14`	`{`
`11`	`15`	`base.OnModelCreating(builder);`
`12`		`- // Customize the ASP.NET Identity model and override the defaults if needed.`
`13`		`- // For example, you can rename the ASP.NET Identity table names and more.`
`14`		`- // Add your customizations after calling base.OnModelCreating(builder);`
`15`	`16`	`}`
`16`	`17`	`}`