"Katana API with IS4 and RSA" Throws When IdentityServer4withRSA Set a RsaSecurityKey #1

Closed
personball opened this Issue Jun 4, 2017 · 3 comments


personball commented Jun 4, 2017

The code I used:

        //Startup of IdentityServer4withRSA
        public void ConfigureServices(IServiceCollection services)
        {
            /* code to generate rsa private key,
             * you may need to install System.Security.Cryptography.Csp
            using (RSACryptoServiceProvider provider = new RSACryptoServiceProvider(2048))
            {
                Console.WriteLine("PublicKey Only:");
                Console.WriteLine(Convert.ToBase64String(provider.ExportCspBlob(false)));   //PublicKey
                Console.WriteLine("With PrivateKey:");
                Console.WriteLine(Convert.ToBase64String(provider.ExportCspBlob(true)));    //PrivateKey

                Console.ReadLine();
            }
             */


            var rsa = new RSACryptoServiceProvider();
            rsa.ImportCspBlob(Convert.FromBase64String("BwIAAACkAABSU0E...BLA...BLA...."));//PrivateKey
            services.AddIdentityServer()
                .AddSigningCredential(new RsaSecurityKey(rsa))
                .AddInMemoryApiResources(Config.GetApis())
                .AddInMemoryClients(Config.GetClients());
        }

And leave one TestCase with two API calls in TestClient:

            new TestCase
            {
                Description = "IdentityServer4 using RSA key",
                TokenEndpoint = "http://localhost:5001/connect/token",

                Apis =
                {
                    new Api
                    {
                        Description = "ASP.NET Core (JWT)",
                        ClientId = "client",
                        Url = "http://localhost:5051"
                    },
                    new Api
                    {
                        Description = "Katana",
                        ClientId = "client",
                        Url = "http://localhost:6051"
                    }
                }
            }

Start CoreApiIdSrv4withRSA, Katana API with IS4 and RSA, and IdentityServer4withRSA, then run TestClient.

First, TestClient accesses CoreApiIdSrv4withRSA and everything is OK. Then TestClient gets an exception when it accesses Katana API with IS4 and RSA, which returns HttpStatusCode 500.

I checked twice and am still dealing with it.


personball commented Jun 4, 2017

I cloned IdentityServer3.AccessTokenValidation and debugged with it, and found the kid in JsonWebKeySet was null.

So, am I missing something to set up IdentityServer4 with RSA?


personball commented Jun 4, 2017

From the source code of IdentityServer4, I followed the implementation of .AddTemporarySigningCredential() and found that the code I missed is key.KeyId = CryptoRandom.CreateUniqueId(16);

https://github.com/IdentityServer/IdentityServer4/blob/dev/src/IdentityServer4/Configuration/DependencyInjection/BuilderExtensions/Crypto.cs#L194

I'll close this issue.

@personball personball closed this Jun 4, 2017

personball commented Nov 8, 2017

Append

The right config in ConfigureServices is as below:

    // Adds IdentityServer
    var rsa = new RSACryptoServiceProvider();
    rsa.ImportCspBlob(Convert.FromBase64String(Configuration["SigningCredential_RsaKey"]));
    var rsaKey = new RsaSecurityKey(rsa);
    rsaKey.KeyId = Configuration["SigningCredential_RasKeyId"];

    var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;

    services.AddIdentityServer()
        .AddSigningCredential(rsaKey)
        .AddConfigurationStore(builder =>
            builder.UseSqlServer(connectionString, options =>
                options.MigrationsAssembly(migrationsAssembly)))
        .AddOperationalStore(builder =>
            builder.UseSqlServer(connectionString, options =>
                options.MigrationsAssembly(migrationsAssembly)))
        .AddAspNetIdentity<ApplicationUser>();
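
An added example, not part of the issue thread or of IdentityServer4's code: one way to obtain a KeyId that stays the same on every restart and on every instance is to derive it from the public key as an RFC 7638 JWK thumbprint, used here in place of the random id and the configured value shown above. `SigningKeyFactory`, `Thumbprint` and `Create` are hypothetical names; the block assumes the Microsoft.IdentityModel.Tokens package is referenced and generates its own sample key at run time.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class SigningKeyFactory
{
    // base64url without padding, the encoding used for JWK members.
    private static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // RFC 7638 thumbprint: SHA-256 over the required RSA members in lexicographic order.
    public static string Thumbprint(RSA rsa)
    {
        RSAParameters pub = rsa.ExportParameters(false); // public part only
        string json = "{\"e\":\"" + B64Url(pub.Exponent) +
                      "\",\"kty\":\"RSA\",\"n\":\"" + B64Url(pub.Modulus) + "\"}";
        using (var sha = SHA256.Create())
            return B64Url(sha.ComputeHash(Encoding.UTF8.GetBytes(json)));
    }

    // Hypothetical helper: builds the key handed to AddSigningCredential and always
    // sets KeyId, so the published JsonWebKeySet never carries a null kid.
    public static RsaSecurityKey Create(string cspBlobBase64, string configuredKid = null)
    {
        var rsa = new RSACryptoServiceProvider();
        rsa.ImportCspBlob(Convert.FromBase64String(cspBlobBase64));
        return new RsaSecurityKey(rsa)
        {
            KeyId = string.IsNullOrWhiteSpace(configuredKid) ? Thumbprint(rsa) : configuredKid
        };
    }

    public static void Main()
    {
        // Constructed sample key generated at run time; a deployment loads its own blob.
        string blob;
        using (var gen = new RSACryptoServiceProvider(2048))
            blob = Convert.ToBase64String(gen.ExportCspBlob(true));

        RsaSecurityKey a = Create(blob), b = Create(blob);
        Console.WriteLine("kid = " + a.KeyId);
        Console.WriteLine("stable across loads: " + (a.KeyId == b.KeyId));
    }
}
```

Because the thumbprint depends only on the public key, rotating the key changes the kid automatically, which lets validating APIs tell the old and new keys apart in the JsonWebKeySet.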