IdentityServer4 not working in production

Backend · open · 3 · 753
渐次进展 2020-12-11 01:42

I am using IdentityServer4 with React start project from ASP.NET Core 3.0. preview 4 and it works perfectly until I build the solution and try to run it from cmd prompt usin

3 answers
  • 2020-12-11 02:13

    If you want to use a *.pfx:

    "Key": {
      "Type": "File",
      "FilePath": "certificate.pfx",
      "Password": "password:!"
    }
    

    And read this thread if you have this error WindowsCryptographicException: Keyset does not exist

    internal.cryptography.cryptothrowhelper+windowscryptographicexception keyset does not exist
    
  • 2020-12-11 02:21

    So I was able to solve my issues using this piece of documentation: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-3.0#example-deploy-to-azure-websites

    I had to enable "Copy if newer" to the appsettings.json properties so that it would get copied to the build folder.

    I also added the following to the appsettings.json file:

    "IdentityServer": {
      "Clients": {
        "Client": {
          "Profile": "IdentityServerSPA"
        }
      },
      "Key": {
        "Type": "Store",
        "StoreName": "My",
        "StoreLocation": "LocalMachine",
        "Name": "CN=SigningCertificate"
      }
    }
    

    Now the Key.Type is specified, which means that we can now just add the following to the startup.cs:

    // Configure IdentityServer4
    var identityBuilder = services.AddIdentityServer();
    identityBuilder.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

    // Outside Development, load the signing credential described by the
    // "IdentityServer:Key" section (here the LocalMachine\My store certificate)
    if (!Environment.IsDevelopment())
        identityBuilder.AddSigningCredentials();
    

    I still do not understand why other people are not experiencing this issue, since I am not able to find any other threads on this issue and the regular way seems to work for everyone else. The only downside to this is that I need to install the certificate on the machine now instead of getting it as file.

  • 2020-12-11 02:23

    Here is how I solved it in Docker for Blazor WebAssembly. My answer is mostly based on this thread. Keep in mind that, although it works, it may not be production-ready, nor safe. I know little about IdentityServer.

    appsettings.json:

    "IdentityServer": {
        //[...]
    
        "Key": {
          "Type": "File",
          "FilePath": "/path_to_certificate_here/server.pfx",
          "Password": "password_specified_later"
        }
      }
    

    FilePath is where you physically placed your certificate (generated in the next step of this answer). The password is configured while generating the certificate.

    Generating certificate:

    Source. This might not be production-ready either.

    $ openssl genrsa 2048 > server_private.pem
    $ openssl req -x509 -days 1000 -new -key server_private.pem -out server_public.pem
    $ openssl pkcs12 -export -in server_public.pem -inkey server_private.pem -out server.pfx
    

    Keep in mind that the certificate will expire (the -days attribute in the 2nd command).

    Working with Docker

    There are some answers advising to include the certificate in the build folder or keep it with the project source code. I personally don't think it's a good idea. I'm generating certificates manually on my server in a separate folder, then I'm creating a Docker volume pointing to the folder where I placed them.

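The certificate handling in the last two answers (a File-type Key pointing at a .pfx, and a Store-type Key that finds the certificate by "CN=SigningCertificate"), as an added example that is not part of any answer above: it generates the signing certificate non-interactively with that fixed subject, then checks the resulting .pfx the way the app will open it at startup (password, private key present, subject, remaining validity) before "IdentityServer:Key:FilePath" is pointed at it or the bundle is imported into LocalMachine\My. It assumes openssl 1.1 or later on PATH; the directory, file names and the password are placeholders.

```shell
#!/bin/sh
# Added example, not from the answers above. Generates the IdentityServer
# signing certificate non-interactively and checks the .pfx before the
# "IdentityServer:Key" section is pointed at it. Assumes openssl >= 1.1 on
# PATH; directory, file names and password below are placeholders.
set -eu

# make_signing_pfx DIR PASSWORD DAYS
# Key, self-signed cert and PKCS#12 bundle in one step. The subject matches
# the "Name": "CN=SigningCertificate" used with the Store-type Key, so the
# same .pfx can be imported into LocalMachine\My on a Windows host.
make_signing_pfx() {
    dir=$1; pass=$2; days=$3
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/CN=SigningCertificate" \
        -keyout "$dir/server_private.pem" -out "$dir/server_public.pem" 2>/dev/null
    # -passout avoids an interactive prompt; the same value goes into
    # "Key:Password" (preferably via a secret store), never into the image
    openssl pkcs12 -export -in "$dir/server_public.pem" \
        -inkey "$dir/server_private.pem" -out "$dir/server.pfx" \
        -passout "pass:$pass"
    # The unencrypted PEM key is not needed once the bundle exists
    rm -f "$dir/server_private.pem"
}

# pfx_opens_with PFX PASSWORD -> 0 if the bundle's MAC verifies with PASSWORD
pfx_opens_with() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1 || return 1
}

# pfx_has_private_key PFX PASSWORD -> 0 if a private key is in the bundle
# (a cert-only .pfx cannot sign tokens, whatever the config says)
pfx_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | openssl pkey -noout 2>/dev/null || return 1
}

# pfx_subject PFX PASSWORD -> prints the subject, e.g. CN=SigningCertificate
pfx_subject() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | openssl x509 -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
}

# pfx_valid_for_days PFX PASSWORD N -> 0 if the cert is still valid N days
# from now, 1 if it expires sooner (this is what the -days value buys you)
pfx_valid_for_days() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | openssl x509 -noout -checkend $(( $3 * 86400 )) >/dev/null 2>&1 || return 1
}

# Usage: sh check_pfx.sh demo   (writes ./certs with a placeholder password)
if [ "${1:-}" = "demo" ]; then
    make_signing_pfx ./certs 'password:!' 1000
    pfx_opens_with ./certs/server.pfx 'password:!' && echo "password ok"
    pfx_has_private_key ./certs/server.pfx 'password:!' && echo "private key present"
    echo "subject: $(pfx_subject ./certs/server.pfx 'password:!')"
    pfx_valid_for_days ./certs/server.pfx 'password:!' 30 && echo "valid for 30+ days"
fi
```

Run the checks against the directory you later mount as the Docker volume: if pfx_opens_with fails the "Key:Password" value does not match the export password, if pfx_has_private_key fails the bundle was exported without -inkey, and a failing pfx_valid_for_days is the expiry the third answer warns about, caught before the host starts rejecting signed tokens.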