duosecurity / duo_universal_csharp

Duo OIDC-based two-factor authentication for .NET web applications
https://duo.com/docs/duoweb
BSD 3-Clause "New" or "Revised" License

Minor cleanup #8

Open Atrejoe opened 2 years ago

Atrejoe commented 2 years ago

Added user-secrets to web project, allowing safe storage of credentials during development.

Ignored Visual Studio and user-specific files.

AaronAtDuo commented 2 years ago

@Atrejoe Thanks for the PR. I've almost committed Duo keys multiple times, so a better way to handle secrets would be welcome. Couple things:

For those (like me) not familiar with the User Secrets functionality in ASP.NET Core, could you also include changes to the README that explain how to use this as an alternative to the appsettings files?

Also, is the User Secrets capability restricted to Windows, or is it cross-platform? Does it only work with Visual Studio, or can it be used from the dotnet CLI? I want to avoid any OS/platform specific limitations as much as possible.

AaronAtDuo commented 2 years ago

The CI failures seem to be due to the certificate issue from yesterday (https://github.com/duosecurity/duo_universal_csharp/issues/10) so the tests should pass on the next run. There is an issue with the linter still which we are looking into.

AaronAtDuo commented 2 years ago

@Atrejoe Circling back to this, I'm still curious about this user secrets capability. Is there any documentation you can share, or answers to my above questions?

Atrejoe commented 2 years ago

@AaronAtDuo my apologies for not coming back to you, assuming you have already found out, but leaving this for posterity:

Enabling user-secrets in a project allows developers to store secrets in their local user-profile, preventing accidentally committing these secrets to the repo. The secrets reside in the user's profile directory and will be merged only when present. For more information, read: https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets

TLDR:

AaronAtDuo commented 2 years ago

@Atrejoe This looks promising! Unless I'm misreading this though, there's also changes to Startup.cs that are necessary to actually retrieve the stored secrets?
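An added example, not part of this thread and not code from the PR or the repository: one way to layer user secrets over the committed appsettings files with an explicit `ConfigurationBuilder`, failing closed when a credential is missing. The class name `DuoConfigLoader` and the key names (`Duo:ClientId`, `Duo:ClientSecret`, `Duo:ApiHost`) are hypothetical. It assumes the project file carries a `UserSecretsId` and references the Microsoft.Extensions.Configuration Json, UserSecrets and EnvironmentVariables packages.

```csharp
// Added example. Key names below are hypothetical, not this repository's.
// One-time setup from the project directory, using the dotnet CLI:
//   dotnet user-secrets init
//   dotnet user-secrets set "Duo:ClientSecret" "<your secret>"
using System;
using Microsoft.Extensions.Configuration;

public static class DuoConfigLoader
{
    // Hypothetical keys the application refuses to start without.
    private static readonly string[] RequiredKeys =
        { "Duo:ClientId", "Duo:ClientSecret", "Duo:ApiHost" };

    public static IConfiguration Build(string environmentName)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(AppContext.BaseDirectory)
            // Committed files: non-secret defaults or empty placeholders only.
            .AddJsonFile("appsettings.json", optional: true)
            .AddJsonFile($"appsettings.{environmentName}.json", optional: true);

        if (string.Equals(environmentName, "Development",
                          StringComparison.OrdinalIgnoreCase))
        {
            // Reads secrets.json from the developer's user profile, located
            // through the UserSecretsId. optional: true makes a missing
            // secrets file a no-op instead of an error.
            builder.AddUserSecrets(typeof(DuoConfigLoader).Assembly, optional: true);
        }

        // Providers added later override earlier ones, so a deployment can
        // supply the same keys as Duo__ClientId, Duo__ClientSecret, ...
        builder.AddEnvironmentVariables();
        return builder.Build();
    }

    // Fail closed: never run with an empty or placeholder-less credential.
    public static void Validate(IConfiguration config)
    {
        foreach (var key in RequiredKeys)
            if (string.IsNullOrWhiteSpace(config[key]))
                throw new InvalidOperationException($"Missing configuration value: {key}");
    }

    public static void Main()
    {
        var env = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
        var config = Build(env);
        Validate(config);
        Console.WriteLine($"Duo API host: {config["Duo:ApiHost"]}");
    }
}
```

Applications that build their host with `Host.CreateDefaultBuilder` or `WebHost.CreateDefaultBuilder` get the user-secrets provider added automatically in the Development environment, so the explicit `AddUserSecrets` call is only needed when the configuration is assembled by hand as above.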