IdentityServer4 storing Client Secrets
Problem description
I'm currently trying to build a single sign-on server for a couple of clients to use. Because I don't know exactly how many clients there will be, I planned to make it so I can add clients at runtime using the EntityFramework Configuration Store.
My problem now is how to set the client secrets. I tried generating a new GUID and using that as a secret. The problem now is that the Configuration Store just wants to save the hashed version of the secret, and I would need to access the plain secret to add it to the actual client application.
I assume that this is on purpose and that it is discouraged to save the plain version of the secret? What would be the go-to solution for saving secrets?
Use the following algorithm to generate the SHA-256 hash. This is the same algorithm used in the IdentityServer4.Models.HashExtensions class.
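using System;
using System.Security.Cryptography;
using System.Text;

static class Extentions
{
    // Returns the Base64-encoded SHA-256 hash of the UTF-8 bytes of the input.
    public static string Sha256(this string input)
    {
        using (SHA256 sha256 = SHA256.Create())
        {
            byte[] bytes = Encoding.UTF8.GetBytes(input);
            return Convert.ToBase64String(sha256.ComputeHash(bytes));
        }
    }
}

static class Program
{
    static void Main()
    {
        // Prints the hashed value that goes into the configuration store.
        Console.WriteLine("secret-as-guid".Sha256());
    }
}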
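An added example, not part of the original answer or of IdentityServer4's own code: it issues a secret at runtime, returns the plaintext once for the client application and the hash for the configuration store, using the same Base64 SHA-256 transformation as the answer. `ClientSecretIssuer`, `Issue` and `Verify` are hypothetical names, and using 32 random bytes instead of a GUID is an assumption of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not an IdentityServer4 type.
static class ClientSecretIssuer
{
    // Same transformation as the answer's Sha256(): Base64(SHA-256(UTF-8(secret))).
    public static string Hash(string secret)
    {
        using (SHA256 sha256 = SHA256.Create())
        {
            return Convert.ToBase64String(sha256.ComputeHash(Encoding.UTF8.GetBytes(secret)));
        }
    }

    // Returns the plaintext (hand it to the client once) and the hash (persist only this).
    public static (string Plain, string Hashed) Issue()
    {
        byte[] raw = new byte[32]; // 256 bits from the OS CSPRNG
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        string plain = Convert.ToBase64String(raw);
        return (plain, Hash(plain));
    }

    // Checks a presented secret against the stored hash in constant time.
    public static bool Verify(string presented, string storedHash)
    {
        byte[] a = Encoding.UTF8.GetBytes(Hash(presented));
        byte[] b = Encoding.UTF8.GetBytes(storedHash);
        return CryptographicOperations.FixedTimeEquals(a, b);
    }
}

static class Program
{
    static void Main()
    {
        var (plain, hashed) = ClientSecretIssuer.Issue();
        Console.WriteLine("Give to the client once: " + plain);
        Console.WriteLine("Save in the configuration store: " + hashed);
        Console.WriteLine(ClientSecretIssuer.Verify(plain, hashed));
        Console.WriteLine(ClientSecretIssuer.Verify("wrong-guess", hashed));
    }
}
```

The plaintext is never written to the store; if a client loses it, issue a new secret and replace the stored hash.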