diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyCompanyName.MyProjectName.Blazor.Server.csproj b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyCompanyName.MyProjectName.Blazor.Server.csproj
index cfcbea04d4..442e523f87 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyCompanyName.MyProjectName.Blazor.Server.csproj
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyCompanyName.MyProjectName.Blazor.Server.csproj
@@ -17,6 +17,8 @@
+
+
@@ -29,7 +31,7 @@
-
+
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
index 39c3601722..a01ea41953 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Blazor.Server/MyProjectNameBlazorModule.cs
@@ -1,6 +1,5 @@
using System;
using System.IO;
-using System.Net.Http;
using Blazorise.Bootstrap5;
using Blazorise.Icons.FontAwesome;
using Microsoft.AspNetCore.Builder;
@@ -53,7 +52,7 @@ namespace MyCompanyName.MyProjectName.Blazor.Server;
typeof(AbpSwashbuckleModule),
typeof(AbpAspNetCoreAuthenticationJwtBearerModule),
typeof(AbpAspNetCoreSerilogModule),
- typeof(AbpAccountWebIdentityServerModule),
+ typeof(AbpAccountWebOpenIddictModule),
typeof(AbpAspNetCoreComponentsServerBasicThemeModule),
typeof(AbpIdentityBlazorServerModule),
typeof(AbpTenantManagementBlazorServerModule),
@@ -74,6 +73,23 @@ public class MyProjectNameBlazorModule : AbpModule
typeof(MyProjectNameBlazorModule).Assembly
);
});
+
+ PreConfigure(builder =>
+ {
+ // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
+ // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
+ builder.DisableAccessTokenEncryption();
+ });
+
+ PreConfigure(builder =>
+ {
+ builder.AddValidation(options =>
+ {
+ options.AddAudiences("MyProjectName");
+ options.UseLocalServer();
+ options.UseAspNetCore();
+ });
+ });
}
public override void ConfigureServices(ServiceConfigurationContext context)
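Review bot: The comment above `builder.DisableAccessTokenEncryption();` recommends separate RSA certificates for production, but nothing in this hunk registers signing or encryption credentials or distinguishes environments. A project generated from this template would therefore presumably run on whatever default credentials the OpenIddict module supplies. The comment should also say what the call means in practice, e.g. `// Access tokens are signed but not encrypted: their claims are readable by any holder, so keep confidential data out of them.` followed by `// Register production signing/encryption certificates here before deploying.` The same comment and call are added in the HttpApi.HostWithIds and IdentityServer module hunks, where the commit also removes `options.AddDevelopmentEncryptionAndSigningCertificate = false;`, which likely re-enables a development certificate there. The enclosing method starts outside the hunk.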
@@ -275,7 +291,6 @@ public class MyProjectNameBlazorModule : AbpModule
}
app.UseUnitOfWork();
- app.UseIdentityServer();
app.UseAuthorization();
app.UseSwagger();
app.UseAbpSwaggerUI(options =>
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs
index b08c7c714e..d2dbacc14f 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.Host/MyProjectNameHttpApiHostModule.cs
@@ -103,9 +103,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
options.Audience = "MyProjectName";
-
- options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78"));
- options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"));
});
}
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
index 7696512460..9e4f1a31cb 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.HttpApi.HostWithIds/MyProjectNameHttpApiHostModule.cs
@@ -52,10 +52,9 @@ public class MyProjectNameHttpApiHostModule : AbpModule
{
PreConfigure(builder =>
{
- //https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- //https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
- builder.AddSigningKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")));
- builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")));
+ // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
+ // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
+ builder.DisableAccessTokenEncryption();
});
PreConfigure(builder =>
@@ -74,11 +73,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
var configuration = context.Services.GetConfiguration();
var hostingEnvironment = context.Services.GetHostingEnvironment();
- Configure(options =>
- {
- options.AddDevelopmentEncryptionAndSigningCertificate = false;
- });
-
ConfigureBundles();
ConfigureUrls(configuration);
ConfigureConventionalControllers();
@@ -146,11 +140,6 @@ public class MyProjectNameHttpApiHostModule : AbpModule
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
- Configure(options =>
- {
- options.AddDevelopmentEncryptionAndSigningCertificate = false;
- });
-
context.Services.AddAuthentication()
.AddJwtBearer(options =>
{
@@ -161,11 +150,8 @@ public class MyProjectNameHttpApiHostModule : AbpModule
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator
};
-
- options.MapInboundClaims = false;
- options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78"));
- options.TokenValidationParameters.TokenDecryptionKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80"));
+ options.MapInboundClaims = false;
});
}
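Review bot: The context line `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` leaves TLS server-certificate validation switched off for this HTTP handler, and removing the hard-coded `IssuerSigningKey` makes that matter more. Token validation now presumably relies on keys retrieved from `AuthServer:Authority`; if this handler is the one used for that retrieval, the keys are fetched over a connection whose peer is never authenticated. The bypass should be limited to development, for example by wrapping the handler assignment in `if (context.Services.GetHostingEnvironment().IsDevelopment())`, with a comment stating that it exists only for self-signed local certificates. The handler assignment and the start of ConfigureAuthentication are outside this hunk, so the handler's role is inferred from the visible lines.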
diff --git a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs
index 9f4867d024..c4d9da125a 100644
--- a/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs
+++ b/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.IdentityServer/MyProjectNameIdentityServerModule.cs
@@ -1,14 +1,12 @@
using System;
using System.IO;
using System.Linq;
-using System.Text;
using Localization.Resources.AbpUi;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
-using Microsoft.IdentityModel.Tokens;
using MyCompanyName.MyProjectName.EntityFrameworkCore;
using MyCompanyName.MyProjectName.Localization;
using MyCompanyName.MyProjectName.MultiTenancy;
@@ -30,8 +28,6 @@ using Volo.Abp.Caching;
using Volo.Abp.Caching.StackExchangeRedis;
using Volo.Abp.Localization;
using Volo.Abp.Modularity;
-using Volo.Abp.OpenIddict;
-using Volo.Abp.OpenIddict.WildcardDomains;
using Volo.Abp.UI.Navigation.Urls;
using Volo.Abp.UI;
using Volo.Abp.VirtualFileSystem;
@@ -54,10 +50,9 @@ public class MyProjectNameIdentityServerModule : AbpModule
{
PreConfigure(builder =>
{
- //https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
- //https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
- builder.AddSigningKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_C40DBB176E78")));
- builder.AddEncryptionKey(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("Abp_OpenIddict_Demo_87E33FC57D80")));
+ // https://documentation.openiddict.com/configuration/token-formats.html#disabling-jwt-access-token-encryption
+ // In production, it is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
+ builder.DisableAccessTokenEncryption();
});
PreConfigure(builder =>
@@ -76,11 +71,6 @@ public class MyProjectNameIdentityServerModule : AbpModule
var hostingEnvironment = context.Services.GetHostingEnvironment();
var configuration = context.Services.GetConfiguration();
- Configure(options =>
- {
- options.AddDevelopmentEncryptionAndSigningCertificate = false;
- });
-
Configure(options =>
{
options.Resources