Set up App and API Protection for .NET in Docker

문서 > Datadog 보안 > 애플리케이션 보안 관리 > Enabling App and API Protection > Enabling AAP for .NET > Set up App and API Protection for .NET in Docker

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

You can enable App and API Protection for .NET services with the following setup options:

If your .NET service already has APM tracing set up and running, then skip to service configuration.
If your .NET service doesn't have APM tracing set up, you can easily enable App and API Protection with Datadog's Automatic Installation.
Otherwise, continue reading the manual setup instructions below.

Overview

App and API Protection leverages the Datadog .NET library to monitor and secure your .NET service. The library integrates seamlessly with your existing application without requiring code changes.

For detailed compatibility information, including supported DOTNET versions, frameworks, and deployment environments, see .NET Compatibility Requirements.

This guide explains how to set up App and API Protection (AAP) for .NET applications. The setup involves:

Installing the Datadog Agent.
Enabling App and API Protection monitoring.
Running your .NET application with the Datadog Agent.
Verifying the setup.

Prerequisites

Docker installed on your host
.NET application containerized with Docker
Your Datadog API key
Datadog .NET tracing library (see version requirements here)

1. Installing the Datadog Agent

Install the Datadog Agent by following the Agent setup instructions for Docker.

2. Enabling App and API Protection monitoring

Automatically enabling App and API Protection through Remote Configuration

You can enable remote configuration on your services dashboard. Simply check the box for the service you want to enable App and API Protection for under "Activate on your APM services".

Manually enabling App and API Protection monitoring

Add the following lines to download and enable the DataDog tracer to your docker file:

# Download and install Datadog .NET Tracer
ENV DD_TRACE_VERSION=3.20.0
RUN curl -sSL https://github.com/DataDog/dd-trace-dotnet/releases/download/v${DD_TRACE_VERSION}/datadog-dotnet-apm-${DD_TRACE_VERSION}.linux-x64.tar.gz \
    | tar -xz -C /opt/datadog

# Set environment variables for Datadog automatic instrumentation
ENV CORECLR_ENABLE_PROFILING=1 \
    CORECLR_PROFILER="{846F5F1C-F9AE-4B07-969E-05C26BC060D8}" \
    CORECLR_PROFILER_PATH=/opt/datadog/Datadog.Trace.ClrProfiler.Native.so \
    DD_DOTNET_TRACER_HOME=/opt/datadog \

APM Tracing Enabled

Add the following environment variables to your Dockerfile:

# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_ENV=<YOUR_ENVIRONMENT>

APM Tracing Disabled

To disable APM tracing while keeping App and API Protection enabled, you must set the APM tracing variable to false.

# Set environment variables
ENV DD_APPSEC_ENABLED=true
ENV DD_APM_TRACING_ENABLED=false
ENV DD_SERVICE=<YOUR_SERVICE_NAME>
ENV DD_ENV=<YOUR_ENVIRONMENT>

3. Run your application

Build your image and then run your container.

When running your container, ensure you do the following:

Connect the container to the same Docker network as the Datadog Agent.
Set the required environment variables.

docker run -d \
  --name your-dotnet-app \
  your-dotnet-app-image

4. Verify setup

To verify that App and API Protection is working correctly:

Send some traffic to your application
Check the Application Signals Explorer in Datadog
Look for security signals and vulnerabilities

Troubleshooting

If you encounter issues while setting up App and API Protection for your .NET application, see the .NET App and API Protection troubleshooting guide.