Adding identity server authentication to .NET Core 3 app fails with 'Key type not specified.'

伪装坚强ぢ 2020-12-16 17:50

I'm trying to add identity server authentication to a .NET Core 3 API project.

I've added this code

public v         


        
1条回答
  • 2020-12-16 18:05

    I don't think the code you added to install a signing certificate caused the problem. The code in the stack trace runs because identityBuilder.AddApiAuthorization<ApplicationUser, DbContext>(); calls AddSigningCredentials(), which eventually wires up Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials, the code that looks in appsettings.json for the key definition:

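    /// <summary>
    /// Builds the token-signing credentials described by the bound key configuration.
    /// </summary>
    /// <returns><see cref="SigningCredentials"/> using the "RS256" algorithm for the configured key source.</returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown when the key type is missing or not recognised, when the File source has no
    /// FilePath, or when the Store source names a store location that does not parse.
    /// </exception>
    public SigningCredentials LoadKey()
    {
        // Bind the configuration section onto a fresh KeyDefinition. A Type that is still
        // null after binding is reported by the "case null" branch below.
        var key = new KeyDefinition();
        _configuration.Bind(key);
        switch (key.Type)
        {
            case KeySources.Development:
                // Resolved against the current working directory; falls back to the default temp key path.
                var developmentKeyPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath ?? DefaultTempKeyRelativePath);
                // Persisted defaults to true when it is not configured.
                var createIfMissing = key.Persisted ?? true;
                _logger.LogInformation($"Loading development key at '{developmentKeyPath}'.");
                var developmentKey = new RsaSecurityKey(SigningKeysLoader.LoadDevelopment(developmentKeyPath, createIfMissing))
                {
                    KeyId = "Development"
                };
                // NOTE(review): by its name this source is meant for local development; confirm it is never selected in production.
                return new SigningCredentials(developmentKey, "RS256");
            case KeySources.File:
                // Path.Combine throws ArgumentNullException on a null FilePath; report the missing
                // setting as a configuration error, consistent with the other branches.
                if (key.FilePath is null)
                {
                    throw new InvalidOperationException("Key file path not specified.");
                }
                var pfxPath = Path.Combine(Directory.GetCurrentDirectory(), key.FilePath);
                var storageFlags = GetStorageFlags(key);
                // Only the path and the storage flags are logged; the PFX password is not.
                _logger.LogInformation($"Loading certificate file at '{pfxPath}' with storage flags '{key.StorageFlags}'.");
                return new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromFile(pfxPath, key.Password, storageFlags)), "RS256");
            case KeySources.Store:
                if (!Enum.TryParse<StoreLocation>(key.StoreLocation, out var storeLocation))
                {
                    throw new InvalidOperationException($"Invalid certificate store location '{key.StoreLocation}'.");
                }
                _logger.LogInformation($"Loading certificate with subject '{key.Name}' in '{key.StoreLocation}\\{key.StoreName}'.");
                // The current time is handed to the loader; presumably used to select a certificate
                // that is valid now (confirm in SigningKeysLoader.LoadFromStoreCert).
                return new SigningCredentials(new X509SecurityKey(SigningKeysLoader.LoadFromStoreCert(key.Name, key.StoreName, storeLocation, GetCurrentTime())), "RS256");
            case null:
                // No key type was configured at all.
                throw new InvalidOperationException("Key type not specified.");
            default:
                throw new InvalidOperationException($"Invalid key type '{key.Type ?? "(null)"}'.");
        }
    }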
    

    You are hitting the null case because your appsettings.json or appsettings.Development.json file does not configure the Key.

    I can reproduce your problem in 2 ways:

    Commenting out the key configuration in appsettings.Development.json:

    {
      "Logging": {
        "LogLevel": {
          "Default": "Debug",
          "System": "Information",
          "Microsoft": "Information"
        }
      },
      "IdentityServer": {
        //"Key": {
        //  "Type": "Development"
        //}
      }
    }
    

    This assumes you are running/debugging in the Development environment.

    The second way to reproduce it is to configure the app to run in Production, which doesn't have a Key definition by default in appsettings.json.

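    I think the solution to your problem would be to define the certificate file in appsettings.json or appsettings.Development.json. The password below is a sample value; keep the real one out of any committed settings file, for example by supplying it through user secrets or, under the default configuration providers, the IdentityServer__Key__Password environment variable: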

    {
      "Logging": {
        "LogLevel": {
          "Default": "Debug",
          "System": "Information",
          "Microsoft": "Information"
        }
      },
      "IdentityServer": {
        "Key": {
          "Type": "File",
          "FilePath": "Certificates\\certificatefile.pfx",
          "Password": "veryDifficultPassword"
        }
      }
    }
    

    and remove this code

    // Loads the PFX from the relative path Certificates/certificatefile.pfx and registers it
    // as the signing credential. The PFX password is a literal in source here, so anyone
    // who can read the code can read the password.
    var cert = new X509Certificate2(
        Path.Combine("Certificates", "certificatefile.pfx"),
        "veryDifficultPassword");
    identityBuilder.AddSigningCredential(cert);
    