发表新帖
发表新帖

How to deploy ASP.NET Core UserSecrets to production

后端 未结
关注
2 2049
说谎
说谎 2021-01-01 09:30

I followed the Safe storage of app secrets during development guide over on the asp.net docs during development but it does not describe how to use it when publishing to ano

相关标签:
2条回答
  • 名媛妹妹
    2021-01-01 09:45

    Why "don't use app secrets in production". Is it encrypted secrets safe? It's very acceptable for app configuration, for example, your mentioned SendGrid for password recovery. Is it configuration secrets at all in server? Why do I prohibited? Just copy compiled from development to production and it works.

    Startup.cs

        public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
        var builder = new ConfigurationBuilder().AddUserSecrets<Startup>();
        Konfiguration = builder.Build();
    }

    public IConfiguration Configuration { get; }

    public IConfiguration Konfiguration { get; }

    public void ConfigureServices(IServiceCollection services)
           ....
        services.AddSingleton<IEmailSender, EmailSender>();
        services.Configure<AuthMessageSenderOptions>(Configuration);
        if (Configuration["SendGridKey"] != null)
            return;
        // linux'e secrets.json nenuskaitomas
        services.Configure<AuthMessageSenderOptions>(options => {
            options.SendGridKey = Konfiguration["SendGridKey"];
            options.SendGridUser = Konfiguration["SendGridUser"];
        });
    }

    HomeController.cs

        private readonly IOptions<AuthMessageSenderOptions> _optionsAccessor;

    public HomeController(..., IOptions<AuthMessageSenderOptions> optionsAccessor)
    {
        ...
        _optionsAccessor = optionsAccessor;
    }

    public IActionResult Index(...)
    {
        if (_optionsAccessor.Value.SendGridUser != null)
            ModelState.AddModelError("", _optionsAccessor.Value.SendGridUser);
        ....

    Go forward with "Enable account confirmation and password recovery" https://docs.microsoft.com/en-us/aspnet/core/security/authentication/accconfirm?view=aspnetcore-2.1&tabs=visual-studio#configure-email-provider

    0 讨论(0)
  • 渐次进展
    2021-01-01 09:48

    Don't use app secrets in production. Ever. As the article says DURING DEVELOPMENT.

    How you publish secrets in production is up to your production environment. Linux, Windows and Azure all support environment variables - that's where your secrets should go, using whatever UI your hosting provider gives you.

    The app settings documentation goes into this in greater detail

    0 讨论(0)
 看不清?
提交回复
热议问题