我们正在使用.NET Core Web应用程序("http://docs.identityserver.io/en/release/quickstarts/0_overview.html")中的IdentityServer4。 我们已经将
这是我们的startup.cs文件:
AddDeveloperSigningCredential
替换为AddSigningCredential(CreateSigningCredential())
。由于在生产环境中不能使用AddDeveloperSigningCredential
,因为需要用一些持久的密钥材料来替换它。我们对IdentityServer4还不太了解,我们的问题是,以下方式是否适用于在生产环境中创建签名凭证?还是我们需要在此进行一些更改?这是我们的startup.cs文件:
public void ConfigureServices(IServiceCollection services)
{
services.AddSingleton<IConfiguration>(Configuration);
//connection string
string connectionString = Configuration.GetConnectionString("IdentityServer");
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddIdentityServer().AddDeveloperSigningCredential
.AddSigningCredential(CreateSigningCredential())
// this adds the config data from DB (clients, resources)
.AddConfigurationStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
}) // this adds the operational data from DB (codes, tokens, consents)
.AddOperationalStore(options =>
{
options.ConfigureDbContext = builder =>
builder.UseSqlServer(connectionString,
sql => sql.MigrationsAssembly(migrationsAssembly));
// this enables automatic token cleanup. this is optional.
options.EnableTokenCleanup = true;
options.TokenCleanupInterval = 30;
});
}
private SigningCredentials CreateSigningCredential()
{
var credentials = new SigningCredentials(GetSecurityKey(), SecurityAlgorithms.RsaSha256Signature);
return credentials;
}
private RSACryptoServiceProvider GetRSACryptoServiceProvider()
{
return new RSACryptoServiceProvider(2048);
}
private SecurityKey GetSecurityKey()
{
return new RsaSecurityKey(GetRSACryptoServiceProvider());
}