stackoom
  简体   繁体   中英

How to configure IdentityServer in ASP.NET Core 3.1 production

 原文  2021-08-27 14:11:06       c#/ asp.net-core/ asp.net-identity/ asp.net-core-3.1

Question

I'm trying to run an ASP.NET Core 3.1 application, which works fine in development but in a production environment, I get the following error.

An error occurred while starting the application.
InvalidOperationException: Key type not specified.

Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()

InvalidOperationException: Key type not specified. Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey() Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options) Microsoft.Extensions.Options.OptionsFactory.Create(string name) ...

My appsettings.json contains

"IdentityServer": {
    "Clients": {
      "TestProjct": {
        "Profile": "IdentityServerSPA"
      }
    }
  },

and appsettings.Development.json contains

"IdentityServer": {
    "Key": {
      "Type": "Development"
    }
  }

I would like to configure the key for running in production but I'm unable to find documentation that states the different ways of configuring the key.

I've found an example that show using a .pfx file and the certificate store, but I would like to see everything that's available. Does anyone know where I can find documentation for this? Or could supply some additional examples of how to configure the key for production?

1 answers

solution1
 1 ACCPTED  2021-08-27 17:46:29

As asp.net core 3.1 not yet support import the key right from .pem file, then a .pfx file like your example link is a fair enough approach. I highly suggest you to generate yourself one, openSSL is a widely used tool.

And Behind the screen, Identity server allow you to pass a security key in .AddSigningCredential() , which is exactly the thing IdentityServer yelling at you.

So another apprach would be generate a RSA or ECDSA key to pass them in. Something like:

// Generate the key programetically
using var keyProvider = new RSACryptoServiceProvider();
keyProvider.KeySize = 2048; // the default was 1024
var xmlKey = keyProvider.ToXmlString(true); // store the key as string somewhere

// Create the key and use it for jwt signing
var rsa = RSA.Create();
rsa.FromXmlString(xmlKey);

// On your startup
services.AddIdentityServer()
    ...
    .AddSigningCredential(new RsaSecurityKey(rsa))
    ...;

You can obviously using other approach that generate a pfx file. But i personally prefer it over passing a key like this. At least the key could be generate using widely accepted tool if you choose the file approach.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET Core 3.1 MVC AddOpenIDConnect with IdentityServer3 How to migrate IdentityServer Bearer Token Authentication from asp.net to .net core 3.1 ASP.NET Core 3.1 - Configure custom JSON in Startup How to configure Azure App Service application settings for ASP.NET Core 3.1? How do I configure Identity in asp net core 3.1? asp.net core 3 and identityserver4 IdentityServer4 Asp.Net Core Identity IdentityServer, ASP.NET Core and Web API IdentityServer and CertificateValidation ASP.NET Core How to use protobuf-net 3 with ASP.NET Core 3.1
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM