- ABP Framework version: v6.0.1
- UI Type: MVC
- Database System: EF Core (PostgreSQL)
- Tiered (for MVC) or Auth Server Separated (for Angular): Tiered
- Exception message and full stack trace:
- Steps to reproduce the issue:
I already have a certificate in Azure and I would like to use it for OpenIddict. In my App Service in Azure, where my application is deployed, I already have WEBSITE_LOAD_CERTIFICATES configured in the environment variables under Identity. Now I need to modify the code so that it uses that certificate. Here is the code I currently have.
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("WebApp");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    /*
     * This configuration is used when the AuthServer is running in docker containers at localhost.
     * Configures the redirection URLs for the internal network and the web.
     */
    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });
    }
}
6 Answer(s)
-
0
Hi
What's your Azure certificate path?
Can you read it as a stream via code?
Thanks
-
0
In my environment variable WEBSITE_LOAD_CERTIFICATES I store the Thumbprint of the certificate.
-
0
Hi
Can you read the WEBSITE_LOAD_CERTIFICATES value from your ASP.NET Core app? Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES")
What is the value of WEBSITE_LOAD_CERTIFICATES?

PreConfigure<OpenIddictServerBuilder>(builder =>
{
    // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
    // https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
    builder.AddSigningKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")));
    builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")));
});
-
0
I have already been able to solve it. Here I have the certificate.
In the environment variables I have added the thumbprint of my certificate
This is the new code I added
public override void PreConfigureServices(ServiceConfigurationContext context)
{
    var hostingEnvironment = context.Services.GetHostingEnvironment();
    var configuration = context.Services.GetConfiguration();

    PreConfigure<OpenIddictBuilder>(builder =>
    {
        builder.AddValidation(options =>
        {
            options.AddAudiences("WebApp");
            options.UseLocalServer();
            options.UseAspNetCore();
        });
    });

    if (!hostingEnvironment.IsDevelopment())
    {
        PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
        {
            options.AddDevelopmentEncryptionAndSigningCertificate = false;
        });

        PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
        {
            // Read the certificate thumbprint from the environment variable
            var certificateThumbprint = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES");
            if (!string.IsNullOrWhiteSpace(certificateThumbprint))
            {
                // Get the certificate directly from Azure App Service
                var certificate = GetCertificateFromAzure(certificateThumbprint);
                if (certificate == null)
                {
                    throw new InvalidOperationException($"Could not find the certificate with thumbprint '{certificateThumbprint}' in Azure App Service.");
                }

                serverBuilder.AddEncryptionCertificate(certificate);
                serverBuilder.AddSigningCertificate(certificate);
            }
            else
            {
                throw new InvalidOperationException("The environment variable 'WEBSITE_LOAD_CERTIFICATES' is not set or is empty.");
            }

            // Set the issuer from configuration
            serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
        });
    }
}

private X509Certificate2? GetCertificateFromAzure(string thumbprint)
{
    try
    {
        // App Service (Windows) imports the certificates listed in WEBSITE_LOAD_CERTIFICATES into CurrentUser\My.
        // 'using' disposes the store even if Find throws, so no explicit Close() is needed.
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        return store.Certificates
            .Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false)
            .OfType<X509Certificate2>()
            .FirstOrDefault();
    }
    catch (Exception ex)
    {
        throw new InvalidOperationException("Error loading the certificate from Azure App Service.", ex);
    }
}
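The solution above passes the raw WEBSITE_LOAD_CERTIFICATES value to the store lookup. That works when the variable holds exactly one thumbprint, but App Service also accepts a comma-separated list of thumbprints or `*` (load everything), and on Linux App Service plans the certificates are not put in a store at all. The following loader is an added example written for this page, not code from the thread or from ABP/OpenIddict. It pins the thumbprint in its own configuration key (`OpenIddict:CertificateThumbprint`, a hypothetical name chosen for the example), checks that the pinned thumbprint is actually covered by WEBSITE_LOAD_CERTIFICATES, loads from CurrentUser\My on Windows or from the Linux file layout (assumed here to be `/var/ssl/private/<THUMBPRINT>.p12`), and refuses certificates without a private key or outside their validity window before handing them to OpenIddict.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection; // OpenIddictServerBuilder lives here

// Added example, not part of the thread. Configuration key name and the
// Linux file paths are assumptions made for this example.
public static class AppServiceCertificateLoader
{
    public static X509Certificate2 Load(IConfiguration configuration)
    {
        // Pin the thumbprint in configuration rather than reusing WEBSITE_LOAD_CERTIFICATES
        // as the lookup key: that variable may hold several thumbprints or "*".
        var wanted = configuration["OpenIddict:CertificateThumbprint"];
        if (string.IsNullOrWhiteSpace(wanted))
            throw new InvalidOperationException("OpenIddict:CertificateThumbprint is not configured.");
        wanted = Normalize(wanted);

        // App Service only makes the listed certificates available, so fail early
        // with a clear message if the pinned thumbprint is not among them.
        var loaded = Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES") ?? string.Empty;
        var allowed = loaded
            .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries)
            .Select(Normalize)
            .ToArray();
        if (!allowed.Contains("*") && !allowed.Contains(wanted))
            throw new InvalidOperationException(
                $"Thumbprint {wanted} is not listed in WEBSITE_LOAD_CERTIFICATES ('{loaded}').");

        var certificate = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
            ? LoadFromUserStore(wanted)
            : LoadFromLinuxFile(wanted);

        if (certificate is null)
            throw new InvalidOperationException($"Certificate {wanted} was not loaded by App Service.");
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException($"Certificate {wanted} has no private key; OpenIddict cannot sign or decrypt with it.");

        var now = DateTime.UtcNow;
        if (now < certificate.NotBefore.ToUniversalTime() || now > certificate.NotAfter.ToUniversalTime())
            throw new InvalidOperationException(
                $"Certificate {wanted} is outside its validity period ({certificate.NotBefore:u} to {certificate.NotAfter:u}).");

        return certificate;
    }

    private static X509Certificate2? LoadFromUserStore(string thumbprint)
    {
        // Windows App Service imports the listed certificates into CurrentUser\My.
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        return store.Certificates
            .Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false)
            .OfType<X509Certificate2>()
            .FirstOrDefault();
    }

    private static X509Certificate2? LoadFromLinuxFile(string thumbprint)
    {
        // Assumption: Linux App Service writes private certificates as password-less
        // PKCS#12 files named after the thumbprint under /var/ssl/private.
        var path = Path.Combine("/var/ssl/private", thumbprint + ".p12");
        return File.Exists(path) ? new X509Certificate2(path) : null;
    }

    // Accept "*" as-is; otherwise keep only hex digits (the portal may show spaces or
    // colons) and upper-case them so comparisons are case-insensitive.
    private static string Normalize(string value)
    {
        if (value == "*") return "*";
        return new string(value.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
    }
}

// Usage inside PreConfigureServices, in place of the environment-variable lookup:
//
// PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
// {
//     var certificate = AppServiceCertificateLoader.Load(configuration);
//     serverBuilder.AddEncryptionCertificate(certificate);
//     serverBuilder.AddSigningCertificate(certificate);
//     serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
// });
```

Keeping the pinned thumbprint in configuration means rotating the certificate is a two-step change (upload the new one, then update the key) and an accidental edit of WEBSITE_LOAD_CERTIFICATES produces a startup failure with a readable message rather than tokens silently signed by whatever certificate happened to be first in the store.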
-
0
Thank you for sharing the solution.
-
0
We are using the same certificate for OpenIddict and HTTPS. Is it recommended to use the same certificate, or would it be better to use two different certificates?