Build IdentityServer3 with NetCore3.1

IdentityServer3.1.6 – Add KeySet

Generate cert.pfx

# cd to project root
"C:\Program Files\Git\usr\bin\openssl.exe" genrsa 2048 > private.pem
"C:\Program Files\Git\usr\bin\openssl.exe" req -x509 -days 1000 -new -key private.pem -out public.pem
"C:\Program Files\Git\usr\bin\openssl.exe" pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx

Add to startup.cs

using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;


            X509Certificate2 cert = new X509Certificate2(Path.Combine(Directory.GetCurrentDirectory(), "mycert.pfx"), "");
            Console.WriteLine("cert private key: " + cert.PrivateKey);

            services.AddIdentityServer()
                    .AddSigningCredential(cert)

Add to appsettings.json

"IdentityServer": {
    "Key": {
      "Type": "File",
      "FilePath": "mycert.pfx",
      "Password": "password123"
    }
  }

Include file to project: *.csproj

  <ItemGroup>
    <None Update="mycert.pfx" CopyToOutputDirectory="PreserveNewest" ExcludeFromSingleFile="true" />
  </ItemGroup>

FAQ

fix http url issue in startup.cs

            #region Fix idSrv3 keep http:// issue
            var forwardOptions = new ForwardedHeadersOptions
            {
                ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
                // Needed because of mixing http and https.
                RequireHeaderSymmetry = false,
            };


            // Accept X-Forwarded-* headers from all sources.
            forwardOptions.KnownNetworks.Clear();
            forwardOptions.KnownProxies.Clear();


            app.UseForwardedHeaders(forwardOptions);    
            #endregion

John's Blog

世界因思緒而複雜, 人因夢想而偉大

Build IdentityServer3 with NetCore3.1

Be the first to comment

Leave a Reply Cancel reply