
So I created an ASP.NET Core website with IdentityServer authentication and published it to my Azure Web App but it complains about the certificate. I'm just using the default basic 1 tier web app with no custom domain. The web app is signed by a certificate out of the box so can't I just use that somehow?

Do I really need to buy a custom domain and my own certificate for this to work? I would prefer if I can just keep using the web app without a custom domain.

In the diagnostics dump I can see the error

   Couldn't find a valid certificate with subject 'CN=MyApplication' on the 'CurrentUser\My'
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.SigningKeysLoader.LoadFromStoreCert(String subject, String storeName, StoreLocation storeLocation, DateTimeOffset currentTime)
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()
   at Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options)

Startup.cs

        var identityserver = services.AddIdentityServer();
        identityserver.AddApiAuthorization<ApplicationUser, AutheticationDbContext>();
        identityserver.AddSigningCredentials();

        services.AddAuthentication()
            .AddIdentityServerJwt();

appSettings.json

    "IdentityServer": {
      "Clients": {
        "MyWebProjectName.Client": {
          "Profile": "IdentityServerSPA"
        }
      },
      "Key": {
        "Type": "Store",
        "StoreName": "My",
        "StoreLocation": "CurrentUser",
        "Name": "CN=MyApplication"
      }
    }

Christian
  • 2
    "The web app is signed by a certificate out of the box so can't I just use that somehow?" -> No, because for App Services the SSL termination happens before the request even hits your app – silent Jan 28 '21 at 13:26
  • My answer should be useful to you. It is feasible to use the default domain name of the webapp and create a self signed certificate. If you have any questions, please tell me. – Jason Pan Jan 29 '21 at 02:40

1 Answer

When you deploy your webapp, you will get a URL like: https://appname.azurewebsites.net.

> Do I really need to buy a custom domain and my own certificate for this to work?

Then you can use PowerShell to generate a self-signed certificate. So you don't need to create a new domain or buy a certificate.

After deploying the app, you also need to upload your self-signed certificate in the portal, as in Syarif Mathis's answer on the post below.

How to configure key settings for IdentityServer in appsettings.json for aspnet core app running on IIS

Jason Pan
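
The certificate step the answer describes, as an added example that is not part of the original answer: it creates a signing-only self-signed certificate whose subject matches the `Name` in the question's appsettings.json, exports it as a password-protected PFX for upload, and repeats the store lookup that failed in the diagnostics dump. The PFX path and the `Test-SigningCertificate` helper are assumptions made for illustration.

```powershell
# Added example. Assumes Windows PowerShell 5.1+ with the PKI module, run on a workstation.
$subject = 'CN=MyApplication'   # must equal IdentityServer:Key:Name in appsettings.json
$pfxPath = Join-Path $env:TEMP 'identityserver-signing.pfx'   # placeholder path

# Signing-only RSA certificate. This is the token-signing key, not a TLS certificate:
# TLS for *.azurewebsites.net is terminated before the request reaches the app.
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Type Custom -KeySpec Signature -KeyUsage DigitalSignature `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(1)

# Prompt for the PFX password so it never ends up in a script or shell history.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Hypothetical helper mirroring the failed lookup: same store, same subject,
# inside its validity window, and with a private key available for signing.
function Test-SigningCertificate {
    param(
        [string]$Subject,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object {
            $_.Subject -eq $Subject -and $_.HasPrivateKey -and
            $_.NotBefore -le $now -and $_.NotAfter -gt $now
        } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
}

$found = Test-SigningCertificate -Subject $subject
if (-not $found) {
    throw "No usable certificate with subject '$subject' in CurrentUser\My"
}
"PFX written to $pfxPath"
"Thumbprint of the signing certificate: $($found.Thumbprint)"
```

On a Windows App Service plan, an uploaded private certificate is only loaded into `CurrentUser\My` when the `WEBSITE_LOAD_CERTIFICATES` app setting lists its thumbprint. Delete the exported PFX once it is uploaded and keep it out of source control, since it holds the private key that signs every token the app issues.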