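/// <summary>
/// Adds a new OpenID Connect server instance in the ASP.NET pipeline.
/// </summary>
/// <param name="app">The web application builder.</param>
/// <param name="configuration">A delegate allowing to modify the options controlling the behavior of the OpenID Connect server.</param>
/// <returns>The application builder.</returns>
/// <exception cref="ArgumentNullException"><paramref name="app"/> or <paramref name="configuration"/> is <c>null</c>.</exception>
/// <remarks>
/// Before <paramref name="configuration"/> is invoked, <c>AllowInsecureHttp</c> is pre-set to
/// <c>true</c> only when the hosting environment is Development or named "Testing"; the delegate
/// can still override that default. When the delegate registers no signing credentials, keys are
/// loaded from (or created in) the default key storage directory via <see cref="UseKeys"/>.
/// </remarks>
public static IApplicationBuilder UseOpenIdConnectServer(
    [NotNull] this IApplicationBuilder app,
    [NotNull] Action<OpenIdConnectServerConfiguration> configuration) {
    // Fail fast with a descriptive error instead of a NullReferenceException deeper in the pipeline.
    if (app == null) {
        throw new ArgumentNullException("app");
    }

    if (configuration == null) {
        throw new ArgumentNullException("configuration");
    }

    var options = new OpenIdConnectServerConfiguration(app);

    // AllowInsecureHttp is derived from the hosting environment BEFORE the user delegate runs,
    // so it is only a default: the delegate may explicitly turn it off (or on).
    // Only the Development and "Testing" environments relax the HTTPS requirement.
    var environment = app.ApplicationServices.GetRequiredService<IHostingEnvironment>();
    options.Options.AllowInsecureHttp = environment.IsDevelopment() || environment.IsEnvironment("Testing");

    configuration(options);

    // Fallback: no signing credentials were registered by the delegate, so use the
    // default key storage directory (created on first use) to load or generate keys.
    if (options.Options.SigningCredentials.Count == 0) {
        var directory = GetDefaultKeyStorageDirectory();

        // Ensure the directory exists; Refresh() updates the cached Exists flag.
        if (!directory.Exists) {
            directory.Create();
            directory.Refresh();
        }

        options.UseKeys(directory);
    }

    return app.UseMiddleware<OpenIdConnectServerMiddleware>(options.Options);
}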
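/// <summary>
/// Uses the <see cref="RsaSecurityKey"/>s stored in the given directory.
/// Note: this extension will automatically ignore incompatible keys and
/// create a new RSA key if none has been previously added.
/// </summary>
/// <param name="configuration">The options used to configure the OpenID Connect server.</param>
/// <param name="directory">The directory containing the encrypted keys.</param>
/// <returns>The options used to configure the OpenID Connect server.</returns>
/// <exception cref="ArgumentNullException"><paramref name="configuration"/> or <paramref name="directory"/> is <c>null</c>.</exception>
/// <remarks>
/// The keys on disk are protected with a data protector scoped to the middleware namespace,
/// the configured authentication scheme, "Signing_Credentials" and "v1". Payloads protected
/// under one purpose chain cannot be unprotected under another, so changing the scheme
/// name (or these purpose strings) makes previously stored keys unreadable.
/// </remarks>
public static OpenIdConnectServerConfiguration UseKeys(
    [NotNull] this OpenIdConnectServerConfiguration configuration,
    [NotNull] DirectoryInfo directory) {
    // Fail fast with a descriptive error instead of a NullReferenceException below.
    if (configuration == null) {
        throw new ArgumentNullException("configuration");
    }

    if (directory == null) {
        throw new ArgumentNullException("directory");
    }

    // Resolve a data protector from the service provider. The purpose chain isolates the
    // signing-credential payloads from any other data protected by the application.
    var protector = configuration.Builder.ApplicationServices.GetDataProtector(
        typeof(OpenIdConnectServerMiddleware).Namespace,
        configuration.Options.AuthenticationScheme,
        "Signing_Credentials", "v1");

    return configuration.UseKeys(directory, protector);
}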