diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/NativeMethods.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/NativeMethods.cs
new file mode 100644
index 0000000000..88f7de9999
--- /dev/null
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/NativeMethods.cs
@@ -0,0 +1,22 @@
+using System;
+using System.Runtime.InteropServices;
+
+namespace Microsoft.Extensions.DependencyInjection;
+
+/// <summary>
+/// https://github.com/dotnet/aspnetcore/blob/release/9.0/src/Servers/IIS/IIS/src/NativeMethods.cs
+/// </summary>
+static internal partial class NativeMethods
+{
+    private const string KERNEL32 = "kernel32.dll";
+
+    private const string AspNetCoreModuleDll = "aspnetcorev2_inprocess.dll";
+
+    [LibraryImport(KERNEL32, EntryPoint = "GetModuleHandleW")]
+    private static partial IntPtr GetModuleHandle([MarshalAs(UnmanagedType.LPWStr)] string lpModuleName);
+
+    public static bool IsAspNetCoreModuleLoaded()
+    {
+        return GetModuleHandle(AspNetCoreModuleDll) != IntPtr.Zero;
+    }
+}
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
index 046bde64eb..7d7670b5c4 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
@@ -1,3 +1,4 @@
+using System;
 using System.IO;
 using System.Security.Cryptography.X509Certificates;
 
@@ -12,6 +13,11 @@ public static class OpenIddictServerBuilderExtensions
             throw new FileNotFoundException($"Signing Certificate couldn't found: {fileName}");
         }
 
+        if (flag == null && OperatingSystem.IsWindows() && NativeMethods.IsAspNetCoreModuleLoaded())
+        {
+            flag = X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet;
+        }
+
         var certificate = flag != null
             ? X509CertificateLoader.LoadPkcs12FromFile(fileName, passPhrase, flag.Value)
             : X509CertificateLoader.LoadPkcs12FromFile(fileName, passPhrase);
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo.Abp.OpenIddict.AspNetCore.csproj b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo.Abp.OpenIddict.AspNetCore.csproj
index b249bd5029..a5208574f5 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo.Abp.OpenIddict.AspNetCore.csproj
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo.Abp.OpenIddict.AspNetCore.csproj
@@ -7,6 +7,7 @@
     <TargetFramework>net9.0</TargetFramework>
     <OutputType>Library</OutputType>
     <IsPackable>true</IsPackable>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <RootNamespace />
   </PropertyGroup>