Post
Ask Question

In-Built Consent Feature By ASP.NET Core for GDPR Compliance

Introduction

 
What exactly is "Consent"? Let's understand it. 
 
Consent is nothing but taking permission or approval from the user that we are going to store their personal information based on some policy which we need to show them.
 
GDPR (which is General Data Protection Regulation) is one of the examples of a consent  requirement which is a regulation of EU (European Union) law for data protection and privacy in the European Union.
 
So based on the above law, it is now compulsory to take consent from the user while accessing a website which is asking for personal information from the user.
 
So as a result, the website needs to ask the user to accept the consent when they first visit a website which is GDPR (or any other law) enabled.
 
So the good news is ASP.NET Core hasan  in-built feature for asking and tracking consent for specific users, because now-a-days web sites store cookies on their browser which has some personal information.
 

How to use it?

 
Another piece of good news is that when you create a new ASP.NET Core project in VS 2019, a new partial view named _CookieConsentPartial.cshtml is automatically added in your project. So it means the template is ready.
 
This feature comes from the below namespace. 
  1. @using Microsoft.AspNetCore.Http.Features  
Next we need to set up something in Startup.Configure file in the project to enable consent.
  1. //Below are the minimum configuration required to make it enable    
  2. public void ConfigureServices(IServiceCollection services)      
  3. {      
  4.     services.Configure<CookiePolicyOptions>(options =>      
  5.     {      
  6.             options.CheckConsentNeeded = context => true;      
  7.             options.MinimumSameSitePolicy = SameSiteMode.None;      
  8.     });      
  9. }    
  10.   
  11. public void Configure(IApplicationBuilder app, IWebHostEnvironment env)   
  12. {   
  13.     app.UseCookiePolicy(););    
  14. }   
In the next stepwe  just need to create one partial view named "_CookieConsentPartial.cshtml" under shared folder as below.
  1. @using Microsoft.AspNetCore.Http.Features    
  2.     
  3. @{    
  4.     var consentFeatureFlag = Context.Features.Get<ITrackingConsentFeature>();    
  5.     var showBannerFlag = !consentFeatureFlag?.CanTrack ?? false;    
  6.     var cookieStr = consentFeatureFlag?.CreateConsentCookie();    
  7. }    
  8.     
  9. @if (showBannerFlag)    
  10. {    
  11.     <div id="cookieConsentdiv" class="required classes">    
  12.         Please read our website privacy and policy <a asp-page="/Privacy">Learn More</a>.    
  13.         <button type="button" class="accept-policy close" data-cookie-string="@cookieStr">    
  14.             <span aria-hidden="true">Accept</span>    
  15.         </button>    
  16.     </div>    
  17.     <script type="text/javascript">    
  18.         $(document).ready(function () {    
  19.             $("#cookieConsentdiv button[data-cookie-string]").bind("click"function () {    
  20.                 document.cookie = $("#cookieConsentdiv button").attr("data-cookie-string");    
  21.                 $("#cookieConsentdiv").hide();    
  22.             });    
  23.         });    
  24.     </script>    
  25. }    
Once we've finished the above creation then add that partial view in _Layout.cshtml as below per your design requirement 
  1. <div class="container otherclassname">    
  2.        <partial name="_CookieConsentPartial" />    
  3.        <main role="main" class="myrenderclass">    
  4.            @RenderBody()    
  5.        </main>    
  6.    </div>    
We are all set, our consent feature is  ready to serve you.
 
So we have all the required guidelines finished in this feature for GDPR compliance.
 
In the latest ASP.NET Core version this template and configuration are automatically added by Visual Studio. 
 
Hope this blog would help you! 
Next Recommended Reading Difference Between ASP.NET MVC And ASP.NET Core