GFlisch / Arc4u

Apache License 2.0

More flexible way to load certificates #94

Closed vvdb-architecture closed 7 months ago

vvdb-architecture commented 8 months ago

Currently, any certificates to be loaded are specified in the appsettings.json configuration file. They can either be retrieved from certificate stores or from explicit files (.pem/.key).

This is a problem when sites are deployed in Azure: there is no certificate store, and although you can upload certificates for each site, you can also read them from a shared Azure Blob storage. Another option would be to store the base64 encoding of the certificate directly in the appsettings. Other cloud providers may provide different options.

There is already an abstraction to load a certificate: IX509CertificateLoader. Today, there is only one implementation: Arc4u's X509CertificateLoader. But a custom implementation can be written to load a certificate using a different mechanism.

The AddBasicAuthenticationSettings extension method has an optional IX509CertificateLoader parameter which allows customization. But the AddOidcAuthentication does not have such a parameter.

This PR adds an optional IX509CertificateLoader parameter to AddOidcAuthentication and passes it to the AddBasicAuthenticationSettings method (which it calls). It is compatible with existing code.

The IX509CertificateLoader has been refactored to reduce duplicate code if the existing implementation is reused and customized.