aspnet/DataProtection

Why does IDataProtection derive from IDataProtectionProvider?

Tornhoof opened this issue · 2 comments

Can anyone please explain the design decision why IDataProtection derives from IDataProtectionProvider?
Reason:
IDataProtectionProvider has a method CreateProtector which returns IDataProtection.
This obviously makes sense because the provider should create the protector for a specific purpose.
But why should the actual protector implementation have that method too?
To call it you obviously need to create an instance of the protector first, then call it to create another protector which creates the one specific to the purpose?

You shouldn't be creating a protector which doesn't have a purpose, but you can have a common parent protector, which can then unprotect things protected with protectors created from it, which, for example, is useful in multi-tenancy. https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/purpose-strings-multitenancy has some discussion.

Thank you for your answer.
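The practical consequence of IDataProtector also being an IDataProtectionProvider is purpose chaining: calling CreateProtector on a protector yields a child whose purpose chain is the parent's chain plus the new purpose, which is what gives each tenant its own isolated sub-hierarchy. The following is an added example written for this page, not code from the aspnet/DataProtection project or from the issue; it assumes the Microsoft.AspNetCore.DataProtection.Extensions package (for DataProtectionProvider.Create) and a writable temporary key directory, and the tenant and purpose names are constructed for the demo. It shows that a chain built by chaining CreateProtector calls equals the same chain built in one call on the provider, that a sibling tenant's protector cannot read the payload, and that the parent protector's own chain is distinct as well, so isolation is by exact purpose chain.

```csharp
// Added example; not part of the aspnet/DataProtection project or this issue.
// Assumes package Microsoft.AspNetCore.DataProtection.Extensions and a
// writable temp directory for the key ring. Tenant/purpose names are constructed.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

class PurposeChainDemo
{
    static void Main()
    {
        // Root provider: owns the key ring but is not itself a protector.
        var keyDir = new DirectoryInfo(Path.Combine(Path.GetTempPath(), "dp-purpose-chain-demo"));
        IDataProtectionProvider provider = DataProtectionProvider.Create(keyDir);

        // Parent protector for one tenant. Because IDataProtector also implements
        // IDataProtectionProvider, it can create children with chains such as
        // [TenantA, Invoices], [TenantA, Sessions], ... without touching the root.
        IDataProtector tenantA = provider.CreateProtector("TenantA");
        IDataProtector tenantAInvoices = tenantA.CreateProtector("Invoices");

        // The same chain written as one call on the provider; the two are equivalent.
        IDataProtector tenantAInvoicesFlat = provider.CreateProtector("TenantA", "Invoices");

        // A sibling tenant with the same sub-purpose but a different root purpose.
        IDataProtector tenantBInvoices = provider.CreateProtector("TenantB", "Invoices");

        string payload = tenantAInvoices.Protect("invoice-4711:paid");

        // Same purpose chain, different protector instance: unprotect succeeds.
        Console.WriteLine(TryUnprotect(tenantAInvoicesFlat, payload));

        // Different chain (other tenant): the purpose-bound key material and
        // authenticated data differ, so the payload is rejected.
        Console.WriteLine(TryUnprotect(tenantBInvoices, payload));

        // The parent's own chain [TenantA] is also a different chain, so it is
        // rejected too: isolation is by exact chain, not by prefix.
        Console.WriteLine(TryUnprotect(tenantA, payload));
    }

    // Reports the outcome instead of letting the CryptographicException escape,
    // which is how a multi-tenant service should treat a cross-tenant payload.
    static string TryUnprotect(IDataProtector protector, string protectedPayload)
    {
        try
        {
            return "unprotected: " + protector.Unprotect(protectedPayload);
        }
        catch (CryptographicException)
        {
            return "rejected (CryptographicException)";
        }
    }
}
```

Run it as a console project referencing Microsoft.AspNetCore.DataProtection.Extensions; the first line prints the plaintext and the remaining two print rejections. The design point for a defender is that tenant isolation rests entirely on the purpose chain, so the tenant identifier that goes into CreateProtector must come from the authenticated request context, never from user-controlled input.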