I created the template Angular / ASP.NET Core with authorisation support using this command:
    dotnet new angular --auth Individual
This is an:
All pre-configured to work together.
Before I deploy my app based on this template, I'm trying to first deploy this template app to IIS.
I've deployed the app to IIS and have a database setup and the app connected to it just fine, but I'm stuck. I am not sure how to create and configure the production certificate to use for signing tokens.
At this point in the Microsoft docs it briefly mentions "A production certificate to use for signing tokens." and gives an example for deployment to Azure.
How do I create the key in IIS? Do you do something here?
Then how do I add the correct settings to appsettings.json?
    "IdentityServer": {
      "Key": {
        "Type": "Store",
        "StoreName": "My",
        "StoreLocation": "CurrentUser",
        "Name": "CN=MyApplication"
      }
    }
I'm struggling to find any guides or examples on the net, any help or point in the right direction would be appreciated.
I also found that the documentation is not comprehensive enough. I managed to deploy an Angular app to Azure. I'm not sure if it is similar to the deployment to IIS, but maybe this could help you find the solution to your problem.
Deployment to Azure:
First you have to upload the (self-signed) certificate (.pfx) to Azure App Service. I used this guide to create a self-signed certificate.
[Image: upload certificate]
You also have to make the certificate available by adding the thumbprint to the application settings. See image.
Don't forget to update your appsettings.json so your app can access the certificate from the previous step.
    "IdentityServer": {
      "Key": {
        "Type": "Store",
        "StoreName": "My",
        "StoreLocation": "CurrentUser",
        "Name": "CN=yourApp-domain.com"
      }
    }
If you encounter a problem, change the environment variable in App Service to "Development" to see detailed information about the error, like this.
[Image: change environment variable]
For now I have worked around this problem by exporting the certificate to a file. Under Server Certificates in IIS you can right-click a certificate and export it.
Then you can configure the key parameters in appsettings.json to reference a file like so:

    "Key": {
      "Type": "File",
      "FilePath": "..\\test.pfx",
      "Password": "Test"
    }
I would still like to reference a store certificate.
So this should be fairly straightforward to configure for development purposes. In IIS you can issue yourself a self-signed certificate, which will naturally only be valid on your local machine.
Give it some name and, if you don't change anything else and click OK, it will by default store the generated certificate in your Personal store for LocalMachine, so the config below should work:
    "IdentityServer": {
      "Key": {
        "Type": "Store",
        "StoreName": "My",
        "StoreLocation": "LocalMachine",
        "Name": "YourName"
      }
    }
It is worth noting that if you try to import a certificate from somewhere else, it must have at least a 2048-bit key for Identity Server 4 purposes.
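Added example (not part of the question or any answer above): creating a self-signed signing certificate in the LocalMachine store from an elevated PowerShell session on the IIS host, then reading it back by store name, store location and subject, the three values the "Store" key type takes. The subject CN=MyApplication is a placeholder, and matching "Name" against the full subject distinguished name is an assumption based on the CN=... values in the configurations above.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Placeholder values; they correspond to "Name", "StoreName" and "StoreLocation".
$subject       = 'CN=MyApplication'
$storeName     = 'My'            # the store the certificate UI displays as "Personal"
$storeLocation = 'LocalMachine'

# Create a self-signed RSA certificate restricted to signing, with a 2048-bit key
# whose private half cannot be exported from this machine.
$null = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation "Cert:\$storeLocation\$storeName" `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -KeyUsage DigitalSignature -KeyExportPolicy NonExportable `
    -NotAfter (Get-Date).AddYears(1)

# Read it back using only the three configured values.
$store = New-Object X509Store($storeName, [StoreLocation]$storeLocation)
try {
    # OpenExistingOnly: fail if no store of that name exists (for example a mistyped name).
    $store.Open([OpenFlags]'ReadOnly, OpenExistingOnly')
    # validOnly = $false because a self-signed certificate does not chain to a trusted root.
    $found = $store.Certificates.Find(
        [X509FindType]::FindBySubjectDistinguishedName, $subject, $false)
} finally {
    $store.Close()
}

if ($found.Count -eq 0) {
    throw "No certificate with subject '$subject' in $storeLocation\$storeName"
}

# Report what a token-signing key needs: a private key and at least 2048 bits.
foreach ($cert in $found) {
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        KeyBits       = [RSACertificateExtensions]::GetRSAPublicKey($cert).KeySize
    }
}
```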