
How to build IdentityServer4 that can be used in production in ABP VNext practice

2025-01-30 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article shares how to build an IdentityServer4 instance that can be used in production, in ABP VNext practice. The editor thinks it is very practical and shares it here for study. I hope you get something out of reading it.

I. Preface

Today, I will show you how to build IDS4 with the ABP VNext framework so that it can be used in a production environment. It also covers the configuration needed when IDS4 runs behind an nginx proxy on a Linux system and the endpoints are not https. This is a pitfall: if you don't pay attention to it, authorization will not succeed unless you configure the mandatory https verification to be skipped.

II. Generate the project solution with the ABP VNext CLI

For the CLI commands, you can refer to the wiki. The command is as follows: abp new Louie.Ids4Demo --ui none --separate-identity-server, where --separate-identity-server separates the IdentityServer application from the API host application and --ui none means no UI. Open a command window and paste the command into it to generate the solution.

Next, we need to modify the migration configuration in the project. I use MySQL here, but the command generates a project that uses SQL Server, so replace the SQL Server NuGet package with the MySQL one in Louie.Ids4Demo.EntityFrameworkCore, delete the Migrations folder in the DbMigrations class library, and then modify the configuration in DbContextFactory.cs. The steps are as follows:

1. In the Louie.Ids4Demo.EntityFrameworkCore class library, remove the SQL Server package and add the MySQL package.

Open Ids4DemoEntityFrameworkCoreModule and modify the module injection and the namespace.

2. In the Louie.Ids4Demo.EntityFrameworkCore.DbMigrations class library, delete the Migrations folder.

Then modify the connection configuration in the Ids4DemoMigrationsDbContextFactory.cs file.

3. Add the database connection string to appsettings.json in the Louie.Ids4Demo.IdentityServer main program.

4. Then use the migration command to generate the corresponding database tables.

5. Open the Louie.Ids4Demo.IdentityServer main program and open the Ids4DemoIdentityServerModule.cs class.

Configure a custom RSA asymmetric encryption certificate and disable the temporary certificate that the system generates in the development environment. To do this, we override PreConfigureServices to replace the default configuration of the framework.

The certificate here is one I generated myself; you can generate your own. Put the generated certificate in the directory of the main program, and then configure it in appsettings.json.

In the above configuration, AddResourceOwnerValidator applies custom verification logic in password mode and adds claims. If you don't need it, you can simply comment it out. AddProfileService requires the claims to be consistent with the claims defined in the database table, otherwise they cannot be displayed. This is also a form of security verification.

After configuration, start the application, open the browser, and append .well-known/openid-configuration to the launch URL. If the endpoints can be seen, the configuration is successful.

6. Now the problem arises. After IDS4 is deployed to Docker, we find that the endpoints shown are not https. We need to add some special code in the OnApplicationInitialization method.

You can also take a look at this issue for a solution: https://github.com/dotnet/AspNetCore.Docs/issues/2384

The main reason is that, behind the reverse proxy, the domain name is served over https but the endpoints are not mapped to https. Insert the following code.

After you deploy to production, you can see that the endpoints are already https.
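The configuration described in steps 5 and 6, as an added example rather than the author's original code, which is not reproduced on this page. The configuration keys Certificates:Path, Certificates:Password and ReverseProxy:KnownProxy are assumptions, nginx is assumed to send the X-Forwarded-Proto header, and only the relevant overrides are shown: keep the generated template's [DependsOn] attribute and the rest of its pipeline as they are.

```csharp
using System.Net;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Volo.Abp;
using Volo.Abp.IdentityServer;
using Volo.Abp.Modularity;

public class Ids4DemoIdentityServerModule : AbpModule
{
    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();

        // Step 5: disable the temporary developer signing credential.
        PreConfigure<AbpIdentityServerBuilderOptions>(options =>
            options.AddDeveloperSigningCredential = false);

        // Use our own RSA certificate instead (assumed configuration keys).
        PreConfigure<IIdentityServerBuilder>(builder =>
            builder.AddSigningCredential(new X509Certificate2(
                configuration["Certificates:Path"],
                configuration["Certificates:Password"])));
    }

    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();

        // Step 6: accept X-Forwarded-Proto only from the nginx address.
        // By default only loopback proxies are trusted, so a proxy running
        // in another container is ignored until it is listed here.
        Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            options.KnownProxies.Add(
                IPAddress.Parse(configuration["ReverseProxy:KnownProxy"]));
        });
    }

    public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var app = context.GetApplicationBuilder();
        // Must run before the template's UseIdentityServer() call so that the
        // discovery document is built from the forwarded https scheme.
        app.UseForwardedHeaders();
    }
}
```

Listing the proxy address explicitly, instead of clearing KnownProxies and KnownNetworks, keeps the server from accepting a spoofed X-Forwarded-Proto or X-Forwarded-For header from any other client.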

The above is how to build an IdentityServer4 that can be used in production in ABP VNext practice. The editor believes it contains knowledge points that we may see or use in our daily work. I hope you can learn more from this article.
