IdentityServer4 在生产中不工作

IT技术 asp.net reactjs identityserver4
2021-04-03 14:27:53

我正在使用 IdentityServer4 和来自 ASP.NET Core 3.0 的 React 启动项目。预览 4,它运行完美,直到我构建解决方案并尝试使用 dotnet 命令从 cmd 提示符运行它。每次启动应用程序时,它都会告诉我未指定密钥类型。

我尝试了各种生成证书的指南,因为我对 .NET 中的证书没有任何经验。我提到这一点是为了防止问题可能是由不正确的证书生成方式引起的。

我还尝试将密钥类型添加到 Appsettings.json,但我不知道该类型可能是什么。我整天都在谷歌搜索有关如何配置 IdentityServer4 以进行部署的文档,但似乎没有人遇到此问题或需要任何帮助来生成正确的证书。

我可以在 Visual Studio 中运行应用程序,只要我指定它是一个开发环境。

当我切换到生产或构建解决方案并从命令提示符运行它时,会发生以下堆栈跟踪:

info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using 'C:\Users\username\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
info: IdentityServer4.Startup[0]
      Starting IdentityServer4 version 3.0.0.0
info: Microsoft.Extensions.DependencyInjection.ConfigureApiResources[0]
      Configuring local API resource 'Codellic.WebAPI'.
Application startup exception: System.InvalidOperationException: Key type not specified.
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options)
   at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
   at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
   at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
   at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderConfigurationExtensions.<>c.<AddClients>b__7_1(IServiceProvider sp)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitCache(ServiceCallSite scopedCallSite, RuntimeResolverContext context, ServiceProviderEngineScope serviceProviderEngine, RuntimeResolverLock lockType)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite singletonCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.TestService(IServiceProvider serviceProvider, Type service, ILogger logger, String message, Boolean doThrow)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.Validate(IApplicationBuilder app)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.UseIdentityServer(IApplicationBuilder app)
   at Codellic.Startup.Configure(IApplicationBuilder app) in A:\ProjectFolder\Startup.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Hosting.Internal.ConventionBasedStartup.Configure(IApplicationBuilder app)
   at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
   at Microsoft.AspNetCore.HostFilteringStartupFilter.<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
crit: Microsoft.AspNetCore.Hosting.Internal.WebHost[6]
      Application startup exception
System.InvalidOperationException: Key type not specified.
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options)
   at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
   at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
   at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
   at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderConfigurationExtensions.<>c.<AddClients>b__7_1(IServiceProvider sp)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitCache(ServiceCallSite scopedCallSite, RuntimeResolverContext context, ServiceProviderEngineScope serviceProviderEngine, RuntimeResolverLock lockType)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite singletonCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.TestService(IServiceProvider serviceProvider, Type service, ILogger logger, String message, Boolean doThrow)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.Validate(IApplicationBuilder app)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.UseIdentityServer(IApplicationBuilder app)
   at Codellic.Startup.Configure(IApplicationBuilder app) in A:\ProjectFolder\Startup.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Hosting.Internal.ConventionBasedStartup.Configure(IApplicationBuilder app)
   at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
   at Microsoft.AspNetCore.HostFilteringStartupFilter.<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()

Unhandled Exception: System.InvalidOperationException: Key type not specified.
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options)
   at Microsoft.Extensions.Options.OptionsFactory`1.Create(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.<>c__DisplayClass5_0.<Get>b__0()
   at System.Lazy`1.ViaFactory(LazyThreadSafetyMode mode)
   at System.Lazy`1.ExecutionAndPublication(LazyHelper executionAndPublication, Boolean useDefaultConstructor)
   at System.Lazy`1.CreateValue()
   at System.Lazy`1.get_Value()
   at Microsoft.Extensions.Options.OptionsCache`1.GetOrAdd(String name, Func`1 createOptions)
   at Microsoft.Extensions.Options.OptionsManager`1.Get(String name)
   at Microsoft.Extensions.Options.OptionsManager`1.get_Value()
   at Microsoft.Extensions.DependencyInjection.IdentityServerBuilderConfigurationExtensions.<>c.<AddClients>b__7_1(IServiceProvider sp)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitCache(ServiceCallSite scopedCallSite, RuntimeResolverContext context, ServiceProviderEngineScope serviceProviderEngine, RuntimeResolverLock lockType)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite singletonCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor`2.VisitCallSite(ServiceCallSite callSite, TArgument argument)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine.<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
   at Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.TestService(IServiceProvider serviceProvider, Type service, ILogger logger, String message, Boolean doThrow)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.Validate(IApplicationBuilder app)
   at Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.UseIdentityServer(IApplicationBuilder app)
   at Codellic.Startup.Configure(IApplicationBuilder app) in A:\ProjectFolder\Startup.cs:line 79
--- End of stack trace from previous location where exception was thrown ---
   at Microsoft.AspNetCore.Hosting.Internal.ConventionBasedStartup.Configure(IApplicationBuilder app)
   at Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter.<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
   at Microsoft.AspNetCore.HostFilteringStartupFilter.<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String startupMessage)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String startupMessage)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
   at Codellic.Program.Main(String[] args) in A:\ProjectFolder\Program.cs:line 16

如果有人能将我从这种情况中解救出来,我将不胜感激。

这是我的第一篇文章,所以如果需要更多信息,请随时问我。

5个回答

如果你想使用 *.pfx

"Key": {
  "Type": "File",
  "FilePath": "certificate.pfx",
  "Password": "password:!"
}

如果您遇到此错误,请阅读此线程 WindowsCryptographicException: Keyset does not exist

internal.cryptography.cryptothrowhelper+windowscryptographicexception keyset does not exist
您是从哪里了解到此设置的?它对开发环境非常有帮助,我还没有在任何官方 IS 文档中看到它。
2021-05-24 14:27:53
为了未来的读者,将.pfx在项目的根文件,你可以创建这样的,然后把它包含在你的build文件夹这样
2021-06-15 14:27:53

所以我能够使用这段文档解决我的问题:https : //docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-3.0#example-部署到天蓝色网站

我必须为 appsettings.json 属性启用“如果更新则复制”,以便将其复制到构建文件夹。

我还在 appsettings.json 文件中添加了以下内容:

"IdentityServer": {
"Clients": {
  "Client": {
    "Profile": "IdentityServerSPA"
  }
},
"Key": {
  "Type": "Store",
  "StoreName": "My",
  "StoreLocation": "LocalMachine",
  "Name": "CN=SigningCertificate"
}
}

现在 Key.Type 已指定,这意味着我们现在可以将以下内容添加到 startup.cs:

// Configure IdentityServer4
var identityBuilder = services.AddIdentityServer();
identityBuilder.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();

if (!Environment.IsDevelopment())
     identityBuilder.AddSigningCredentials();

我仍然不明白为什么其他人没有遇到这个问题,因为我找不到关于这个问题的任何其他线程,而且常规方法似乎对其他人都有效。唯一的缺点是我现在需要在机器上安装证书而不是将其作为文件获取。

我用 docker 试过你的回答我得到了这个日志 Application startup exception: System.Security.Cryptography.CryptographicException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores. ---> System.PlatformNotSupportedException: Unix LocalMachine X509Store is limited to the Root and CertificateAuthority stores.
2021-05-25 14:27:53
抱歉,因为我只使用Windows服务器,所以我通常使用Windows MMC将其添加到商店中。所以我不能真正帮助你,也许还有其他人从应用程序中向商店添加证书。
2021-05-28 14:27:53
感谢您的支持,但您能帮我使用密钥类型吗file我有自签名证书,.pfx但我找不到任何文档将其添加到 appsettings.json
2021-06-06 14:27:53
当您说您必须启用“如果更新则复制”时,您是在哪里做的?
2021-06-18 14:27:53
我对 Linux 不太熟悉,但您似乎无法访问 LocalMachine 商店。对于 Linux 映像,我将证书添加到 CurrentUser 存储并将密钥描述的应用设置更改为:"Key": { "Type": "Store", "StoreName": "My", "StoreLocation": "CurrentUser ", "Name": "CN=CodellicSigningCertificate" }
2021-06-19 14:27:53

这是我在 Docker for Blazor WebAssembly 中解决它的方法。我的回答主要基于这个线程请记住,虽然它有效,但它可能不是生产就绪的,也不安全。我对 IdentityServer 知之甚少。

appsettings.json:

"IdentityServer": {
    //[...]

    "Key": {
      "Type": "File",
      "FilePath": "/path_to_certificate_here/server.pfx",
      "Password": "password_specified_later"
    }
  }

FilePath是您实际放置证书的位置(在此答案的下一步中生成)。Password正在生成证书时进行配置。

生成证书:

来源这也可能不是生产就绪的。

$ openssl genrsa 2048 > server_private.pem
$ openssl req -x509 -days 1000 -new -key server_private.pem -out server_public.pem
$ openssl pkcs12 -export -in server_public.pem -inkey server_private.pem -out server.pfx

请记住,证书将过期(-days第二个命令中的属性)。

使用 Docker

有一些答案建议将证书包含在build文件夹中或将其与项目源代码一起保存。我个人认为这不是一个好主意。我在我的服务器上的单独文件夹中手动生成证书,然后我创建指向我放置它们的文件夹的 Docker 卷。

除了已接受的答案,如果有人想SigningCredentials使用AsymmetricSecurityKeyappsettings.json 中而不是“密钥”配置创建自己的答案,以下内容也可以解决问题。

  1. 首先在 xml 文件中定义 RSA 参数或存储在应用程序资源文件中:例如(工作示例),
<RSAKeyValue>
    <Modulus>9+hZCiZrVpqe1t+Q4HOfzrmmkNkNPurX3btOva9Hdx1lIKV7ndeVGCq71plXhW78krXdcDSSeOEVf8W51/Qq0ai8Rg9P1XIcedVgIj7MiHZ+k/rcnq1Y9yg6d1DHXtlAJLasvhCc3o+9inXh2DAzllIxyy4FabS51dRyWDBMA2LS8kS3o5UdcVQYoY+B/9d8qVHmlbQNuao3NL/UqVo6UKnGidSjTQMyPkPJEmpul9C3Cn8Tm7zqKidk2A/obU5bmBFfivhPGoFnahYMs635LpitEPdJGQCfzcmLyE9y23cPyPzowkB/zsONCgWoxglst95vKRWgyXgBXAiSbKtaFQ==</Modulus>
    <Exponent>AQAB</Exponent>
    <P>/dJVFnxsOJsSZpeK698QH7x/j9UeLlYrWuRsC6BTyPs/YE+aWiZpRkjz6uZcgkCeNVwxU8IdGukyrt87dcgrwuE/QM02ZqINZ65rGXR2/GA9WwmMD+Sf89q10emNURtquP2hF7mE8j224rsNv7+c7VPJmQ5VaXbDyeTYdea4pm8=</P>
    <Q>+gkFmWWeWgh1LWJVzzxX0nr8ebQWwut/ca9dnyQf2QeSmVnc+BpFSTJoaUp4TmCkVrDOxVszvUHA7jOQrUHxmHUJ5QCxM/hVN34iVKj5Ic3vZJAMeqc2bsmeFwlKRrXMNSHiju5bQnWymO72Y7T9Ldkqvjke43adto25eEH+Kbs=</Q>
    <DP>y1N5a9jiDHpUxDAzTf3TecjTWtH7Kl1Gv7npv2qAk6iIvUsnN347qNz54DsG8iR3WAFxVkpSbGNQgXs7s39VZvhvZia9pHu+R0cWbj64rjUeEVZVh8m6RGr4aZ4w4T8YP/aU3F9122OKpJf5TJhfSlJrVRuBWkmUT5/tsozPcCs=</DP>
    <DQ>PcSIy5JdAiTgvatzQ1TG5UpYoMAqd1CyFSWbXTsRWw4R2yxl+CyVPTXksU4iVkptjrTy/7I+H9zkinPWo9aMlnsjTJ1VKV+JvcG9PWjY0s8K+q7TRmGUgt3v3gT/gmRa5C1QyLp9dPeafUlbONp3SSJC+ucliE+/Ol/cl6bF4Q0=</DQ>
    <InverseQ>zNXj2pFcx1w+pZqzGCbAwlWDUDd2BtK9t5dTYMTHMCXUCizb0Jiai9cdH6kstoqM4TkL8KTEl3sA6RCm5qpgBPMAT18F6VPzXFUErDtkOGwIuifid3L+CBQ1fjoBZqdC8LfAen3LT5wVn0p6lMouWoAX/NRJnjQGsO/LOHQVJjk=</InverseQ>
    <D>1CJujtDxaNpGsXf9cRN/3FXgwnH5c61hqsttRcOHU9ZDgvwYG6kuW8+1jJ0K15NxbdlR84IJFIcG7p8zuCenvGC3Ovw/RFaxJ0//Q06ZluxOxDIWN3H+fwBdh1wIPpGI4eGvT7THh2tYtfLJn0Uf37HWChcHarzLiL6SWgR6ByoKUEFTAbqbrB8mJJbaev83aNGopdjfc4+MntAGaWkpSvMuzY8Mm5CQ9lc5HQ/6a9Cb2O+fSi8P92FHwPWNIqP7pE7BmZeB3WB52K3fhpDHpkS0n0DjrchHLgMLo788IDlglLS+a/OaUX1xAMZMXrLzA/vtE5YJPHvFNAHh7oSCwQ==</D>
</RSAKeyValue>
  1. 然后,我们可以使用 RSA 辅助方法读取参数以创建AsymmetricSecurityKey. 我为我的项目创建了以下帮助程序类:
using System.Security.Cryptography;
public static class MyKeyStore
    {
        public static AsymmetricSecurityKey Key;

        static MyKeyStore()
        {
            var props = RSA.Create();
            props.FromXmlString(Resources.RsaProps);
            Key = new RsaSecurityKey(props);
        }
    }
  1. 修改 Startup.cs 类,使用上面的 helper 类生成SigningCredentials. 例如,
// configure IDS
 services.AddIdentityServer(options =>
            {
                // ...

            }).AddApiAuthorization<ApplicationUser, ApplicationDbContext>
            (options => { options.SigningCredential = new SigningCredentials(MyKeyStore.Key, SecurityAlgorithms.RsaSha512);});

请注意,如果您想知道一个工作示例,我最近在一个演示项目中使用了它,该项目目前正在运行和 Azure。是启动文件,是完整的项目。

使用.pfx文件时出现以下错误:

Blazor - app.UseIdentityServer(); 使用 .pfx 密钥文件 - 解析数字时遇到意外字符

我还必须使我Azure App Service能够通过Azure Cloud Shell. 在这里完成指南以避免复制答案:

https://stackoverflow.com/a/66448397/3850405

其它你可能感兴趣的问题
上一篇react错误边界不适用于react 下一篇TypeScript 部分接口对象