2

I am building an ASP.NET Core version 1.1 application that I want Kestrel to run over HTTPS/SSL. Here is the Program.cs bootstrap code...

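using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;

public class Program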
{
    public static void Main(string[] args)
    {
        var contentRoot = Directory.GetCurrentDirectory();
        var certFilePath = Path.Combine(contentRoot, @"Certificates\Kestrel.pfx");

        // TODO Store password in Secrets
        var certificate = new X509Certificate2(certFilePath, "kr0GEE6lJ5Ok");

        var host = new WebHostBuilder()
            .UseKestrel(cfg => cfg.UseHttps(certificate))
            .UseContentRoot(contentRoot)
            .UseSetting("detailedErrors", "true")
            .UseIISIntegration()
            .UseStartup<Startup>()
            .UseUrls("https://localhost:5001/")
            .CaptureStartupErrors(true)
            .Build();

        host.Run();
    }
}

This works as you might expect, but I would like to remove the certificate's password string from the code.

I have used the new (to me anyway) Secrets Manager Tool in the rest of the application, but I cannot find a way to reference this at this stage in the application pipeline.

Is this possible? If not, what other options might I look at?

Thanks.

1

2 Answers

2

I am not sure whether you can use the Secrets API. But you can read the password either from environment variables or from the appsettings.json file. Here is the sample code. I am using .NET Core 2.0 code, which is similar to .NET Core 1.1.

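using System.IO;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public class Program
{
    public static void Main(string[] args)
    {
        // Later sources override earlier ones, so with this order a value in
        // appsettings.json wins over an environment variable of the same name.
        var builder = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddEnvironmentVariables()
            .AddJsonFile("appsettings.json");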

        Configuration = builder.Build();
        BuildWebHost(args).Run();
    }
    public static IConfigurationRoot Configuration { get; set; }
    public static IWebHost BuildWebHost(string[] args) =>
        WebHost.CreateDefaultBuilder(args).UseKestrel(options =>
        {
            var password = Configuration["certPassword"];
            options.Listen(System.Net.IPAddress.Loopback, 5001, listenOptions =>
            {
                listenOptions.UseHttps("testCert.pfx", password);
                listenOptions.UseConnectionLogging();
            });
        })
        .UseStartup<Startup>()
        .Build();
}

Hope it helps.


1 Comment

This is certainly a workaround - thank you. The whole settings encryption support for .NET Core seems a little thin at the moment, or at least somewhat biased to Azure.
2

This is a quick solution based on the following article, which explains how to add user secrets in a console application.

// secrets.json (you can access this file in Visual Studio via right click on your project in Solution Explorer => Manage user secrets)
{
    "SecretSection": {
        "Secret1": "Value1",
        "Secret2": "Value2"
    }
}

// YourSecretSettings.cs
public class YourSecretSettings
{
    public string Secret1 { get; set; }
    public string Secret2 { get; set; }
}


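// Program.cs
using System.IO;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public class Program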
{
    public static void Main(string[] args)
    {
        var config = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddEnvironmentVariables()
            .AddJsonFile("appsettings.json", optional: false)
            .AddUserSecrets<YourSecretSettings>()
            .Build();

        var secretSettings = config.GetSection("SecretSection").Get<YourSecretSettings>();
        // Do Something with your secret settings ...

        CreateWebHostBuilder(args)
            .Build()
            .Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>();
}

Et Voilà :)
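
The following is an added example, not part of the question or of either answer: it combines the two approaches above for the 1.1-style `WebHostBuilder` in the question, reading the certificate password from user secrets in development and from an environment variable elsewhere, before Kestrel is configured. The key name `Kestrel:CertPassword` is hypothetical, `Startup` is the application's existing class, and the project is assumed to reference Microsoft.Extensions.Configuration.UserSecrets and to have a UserSecretsId.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;

public class Program
{
    // Hypothetical configuration key; not taken from the question or answers.
    private const string PasswordKey = "Kestrel:CertPassword";

    public static void Main(string[] args)
    {
        var contentRoot = Directory.GetCurrentDirectory();
        var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? "Production";
        var builder = new ConfigurationBuilder().SetBasePath(contentRoot);

        // User secrets are stored unencrypted in the developer's profile, outside
        // the repository, so they are only loaded for local development.
        if (string.Equals(environment, "Development", StringComparison.OrdinalIgnoreCase))
        {
            builder.AddUserSecrets<Program>();
        }

        // Added last so that a deployed host can supply the value as the
        // environment variable Kestrel__CertPassword.
        builder.AddEnvironmentVariables();
        var config = builder.Build();

        var password = config[PasswordKey];
        if (string.IsNullOrEmpty(password))
        {
            // Fail fast with the key name only; never log the value itself.
            throw new InvalidOperationException($"Configuration value '{PasswordKey}' is not set.");
        }

        var certFilePath = Path.Combine(contentRoot, "Certificates", "Kestrel.pfx");
        var certificate = new X509Certificate2(certFilePath, password);

        // Startup is the application's existing startup class (assumed, not defined here).
        var host = new WebHostBuilder()
            .UseKestrel(cfg => cfg.UseHttps(certificate))
            .UseContentRoot(contentRoot)
            .UseStartup<Startup>()
            .UseUrls("https://localhost:5001/")
            .Build();
        host.Run();
    }
}
```

On a development machine the value is stored by running `dotnet user-secrets set "Kestrel:CertPassword" "<password>"` in the project directory.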
