The ASP.NET Core 3.1 and later templates offer authentication in Single Page Apps (SPAs) using the support for API authorization. ASP.NET Core Identity for authenticating and storing users is combined with IdentityServer for implementing OpenID Connect.

Deploy to production

To deploy the app to production, the following resources need to be provisioned:

  • A database to store the Identity user accounts and the IdentityServer grants.
  • A production certificate to use for signing tokens.
    • There are no specific requirements for this certificate; it can be a self-signed certificate or a certificate provisioned through a CA authority.
    • It can be generated through standard tools like PowerShell or OpenSSL.
    • It can be installed into the certificate store on the target machines or deployed as a .pfx file with a strong password.

Example: Deploy to Azure App Service

This section describes deploying the app to Azure App Service using a certificate stored in the certificate store. To modify the app to load a certificate from the certificate store, a Standard tier service plan or better is required when you configure the app in the Azure portal in a later step.

In the app’s appsettings.json file, modify the IdentityServer section to include the key details:

"IdentityServer": {
  "Key": {
    "Type": "Store",
    "StoreName": "My",
    "StoreLocation": "CurrentUser",
    "Name": "CN=MyApplication"
  }
}
  • The store name represents the name of the certificate store where the certificate is stored. In this case, it points to the personal user store.
  • The store location represents where to load the certificate from (CurrentUser or LocalMachine).
  • The name property on certificate corresponds with the distinguished subject for the certificate.

To deploy to Azure App Service, follow the steps in Deploy the app to Azure, which explains how to create the necessary Azure resources and deploy the app to production.

After following the preceding instructions, the app is deployed to Azure but isn’t yet functional. The certificate used by the app must be configured in the Azure portal. Locate the thumbprint for the certificate and follow the steps described in Load your certificates.

While these steps mention SSL, there’s a Private certificates section in the Azure portal where you can upload the provisioned certificate to use with the app.

After configuring the app and the app’s settings in the Azure portal, restart the app in the portal.

Sources:

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-5.0

Last modified: December 17, 2020

Author

Comments

Write a Reply or Comment