maliming
commented
1 year ago Open XavierRM-S opened 1 year ago
maliming
commented
1 year ago 
XavierRM-S
commented
1 year ago Hi
This issue is not to ask how this can be done. I know it is possible and how.
I wanted to know if you were open to improving the out-of-the-box support for this operation, so we don't have to copy and paste the same certificate management code in every project.
maliming
commented
1 year ago We already add it to the commercial template. will also do it for opensource.
XavierRM-S
commented
1 year ago Alright. If you already have something I'll just wait with my custom solution until you push the changes in this repo. Feel free to close the issue if you don't need it to track that subject.
Is there an existing issue for this?
Is your feature request related to a problem? Please describe the problem.
Since the introduction of OpenIdDict, it is not possible to host ABP application out of the box on some hosting providers, including Azure App Services.
The problem comes from the way OpenIdDict handles development certificates, and can be avoided by manually specifying which certificates should be used, instead of using
AddDevelopmentEncryptionCertificateandAddDevelopmentSigningCertificate, both of which are used by ABP by default.Describe the solution you'd like
The solution I'd like to see is an improvement over the existing
AddDevelopmentEncryptionAndSigningCertificateoption. Instead of just enabling/disabling development certificates,AbpOpenIddictAspNetCoreOptionsshould also provide tools to use other certificate sources:AddEphemeralEncryptionKeyandAddEphemeralSigningKey)Ideally, these should be made easy to change using
IConfiguration, as this is the kind of setting that will typically have to be changed depending on where the app is hosted.Additional context
I'd be ready to propose an implementation for this feature, if nobody has remarks about the general principles presented in this issue.