Currently, any certificates to be loaded are specified in the appsettings.json configuration file. They can either be retrieved from certificate stores or from explicit files (.pem/.key).
This is a problem when sites are deployed in Azure: there is no certificate store, and although you can upload certificates for each site, you can also read from a shared Azure Blob storage. Another option would be to store the base64 encoding of the certificate directly in the appsettings. Other cloud providers may provide different options.
There is already an abstraction to load a certificate: IX509CertificateLoader. Today, there is only one implementation: Arc4u's X509CertificateLoader. But a custom implementation can be written to load a certificate using a different mechanism.
The AddBasicAuthenticationSettings extension method has an optional IX509CertificateLoader parameter which allows customization. But the AddOidcAuthentication does not have such a parameter.
This PR adds an optional IX509CertificateLoader parameter to AddOidcAuthentication and passes it to the AddBasicAuthenticationSettings method (which it calls). It is compatible with existing code.
The IX509CertificateLoader has been refactored to reduce duplicate code if the existing implementation is reused and customized.
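An added example, not code from this PR or from Arc4u: a standalone helper showing the "base64 in appsettings" option mentioned above, with the checks a loader should make before handing the certificate to authentication code. The class name, the `Pfx` and `Password` keys, and the private-key requirement are assumptions; the members of IX509CertificateLoader are not shown on this page, so the helper does not implement that interface.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

// Hypothetical helper (not part of Arc4u): builds a certificate from a
// base64-encoded PKCS#12 blob stored in a configuration section.
public static class Base64CertificateSource
{
    // The "Pfx" and "Password" key names are assumptions made for this example.
    public static X509Certificate2 Load(IConfiguration section, DateTime utcNow)
    {
        var encoded = section["Pfx"];
        if (string.IsNullOrWhiteSpace(encoded))
            throw new InvalidOperationException("Certificate value 'Pfx' is missing.");

        byte[] raw;
        try
        {
            raw = Convert.FromBase64String(encoded);
        }
        catch (FormatException ex)
        {
            // Never echo the value in the message: it holds private key material.
            throw new InvalidOperationException("Certificate value 'Pfx' is not valid base64.", ex);
        }

        // EphemeralKeySet keeps the private key in memory instead of persisting
        // it to a key file on the host; it is not supported on macOS.
        var cert = new X509Certificate2(raw, section["Password"], X509KeyStorageFlags.EphemeralKeySet);

        // Assumption: the certificate is used to sign or decrypt, so it needs its private key.
        if (!cert.HasPrivateKey)
        {
            cert.Dispose();
            throw new InvalidOperationException("Certificate has no private key.");
        }

        // Reject certificates outside their validity window at load time,
        // instead of failing later during a token exchange.
        if (utcNow < cert.NotBefore.ToUniversalTime() || utcNow > cert.NotAfter.ToUniversalTime())
        {
            cert.Dispose();
            throw new InvalidOperationException("Certificate is not within its validity period.");
        }

        return cert;
    }
}
```

Because the encoded PFX contains the private key, the configuration value is a secret and should come from a configuration provider meant for secrets rather than a committed appsettings.json.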