4 changes: 2 additions & 2 deletions IdentityServer/v7/MTLS/Api/Api.csproj
Expand Up @@ -6,8 +6,8 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.0" />
<PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.1" />
<PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
</ItemGroup>

</Project>
Expand Up @@ -7,7 +7,7 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Duende.IdentityModel" Version="7.1.0" />
<PackageReference Include="Duende.IdentityModel" Version="8.0.0" />
</ItemGroup>

<ItemGroup>
6 changes: 3 additions & 3 deletions IdentityServer/v7/MTLS/ClientCredentials/ConsoleExtensions.cs
@@ -1,10 +1,10 @@
// Copyright (c) Duende Software. All rights reserved.
// Licensed under the MIT License. See LICENSE in the project root for license information.

using System.Buffers.Text;
using System.Diagnostics;
using System.Text;
using System.Text.Json;
using Duende.IdentityModel;

namespace Shared;

Expand Down Expand Up @@ -40,7 +40,7 @@ public static void ShowAccessToken(this string accessToken)
var header = parts[0];
var payload = parts[1];

Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(header))), new JsonSerializerOptions { WriteIndented = true }));
Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.Decode(payload))), new JsonSerializerOptions { WriteIndented = true }));
Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(header))), new JsonSerializerOptions { WriteIndented = true }));
Console.WriteLine(JsonSerializer.Serialize(JsonDocument.Parse(Encoding.UTF8.GetString(Base64Url.DecodeFromChars(payload))), new JsonSerializerOptions { WriteIndented = true }));
}
}
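Review bot: Each of the two new `Console.WriteLine` lines parses into a `JsonDocument` that is never disposed and allocates a fresh `JsonSerializerOptions`, and the two lines differ only in `header` versus `payload`. A small local function taking the token part would remove the duplication, using `using var doc = JsonDocument.Parse(json);` and a shared `static readonly JsonSerializerOptions` with `WriteIndented = true`. The output is decoded for display only and nothing in the visible lines validates the token, so a comment such as `// Display only: the token is decoded here, not validated.` would keep readers from treating the printed claims as trusted. The body of `ShowAccessToken` starts outside the hunk.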
2 changes: 1 addition & 1 deletion IdentityServer/v7/MTLS/ClientCredentials/Program.cs
Expand Up @@ -76,7 +76,7 @@ static SocketsHttpHandler GetHandler()
var assemblyDir = typeof(Program).Assembly.Location;
var certPath = Path.GetFullPath(Path.Combine(assemblyDir, "../../../../../localhost-client.p12"));

var cert = new X509Certificate2(certPath, "changeit");
var cert = X509CertificateLoader.LoadPkcs12FromFile(certPath, "changeit");
handler.SslOptions.ClientCertificates = new X509CertificateCollection { cert };

return handler;
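Review bot: The PKCS#12 password is the string literal `"changeit"` on the new `X509CertificateLoader.LoadPkcs12FromFile(certPath, "changeit")` line, and nothing in the visible part of `GetHandler` marks it as sample-only. The same literal appears in `ClientCert()` in IdentityServerHost/Clients.cs, where the surrounding comment at least says the helpers are not suitable for production. I would add the equivalent here, for example `// Demo only: "changeit" is the password of the mkcert-generated localhost-client.p12; a real client should read it from configuration or a secret store.` `GetHandler` starts before the hunk and its closing brace is outside it.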
14 changes: 7 additions & 7 deletions IdentityServer/v7/MTLS/IdentityServerHost/Clients.cs
Expand Up @@ -10,25 +10,25 @@ namespace IdentityServerHost;

public static class Clients
{
// These ClientCert related helper methods make the demo easy to run, but
// These ClientCert related helper methods make the demo easy to run, but
// are not suitable for production. The point is client authentication based
// on the mTLS certificate needs some way of identifying the certificate
// on the mTLS certificate needs some way of identifying the certificate
// to use, which can either be the client certificates subject or thumbprint.
// The thumbprint is more specific: it uniquely identifies a single certificate.
// The subject is more flexible: any certificate signed by an authority that
// you trust with the expected subject can be used. This facilitates
// The subject is more flexible: any certificate signed by an authority that
// you trust with the expected subject can be used. This facilitates
// rotation of certificates, but depends on strong public key infrastructure.
// Depending on how you are distributing client certificates to your clients
// and your security requirements, either approach can work.
//
// In this sample, we are obtaining that information in an unrealistic way.
// We simply load the certificate file that is also used by the client, and
// then take the thumbprint or subject from that. In a real deployment, the
// certificate should be controlled by the client and not be shared in this
// then take the thumbprint or subject from that. In a real deployment, the
// certificate should be controlled by the client and not be shared in this
// way. We are doing this because we don't know the thumbprint or subject of
// the certificate that mkcert will generate.
private static X509Certificate2 ClientCert() =>
new X509Certificate2("../localhost-client.p12", "changeit");
X509CertificateLoader.LoadPkcs12FromFile("../localhost-client.p12", "changeit");
private static string ClientCertificateThumbprint() => ClientCert().Thumbprint;
private static string ClientCertificateSubject() => ClientCert().Subject;
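Review bot: `ClientCert()` is invoked separately by `ClientCertificateThumbprint()` and `ClientCertificateSubject()`, so each call re-reads `../localhost-client.p12` and returns an `X509Certificate2` that is never disposed. The file is presumably loaded with the client's private key, while the server only needs the thumbprint and subject. Each helper can dispose what it loads: `private static string ClientCertificateThumbprint() { using var cert = ClientCert(); return cert.Thumbprint; }`, and the same shape for `Subject`. The relative path resolves against the process working directory, which the comment block does not mention; a line such as `// Path is relative to the working directory of the host process.` would help. The rest of the `Clients` class is outside the hunk.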

Expand Up @@ -6,9 +6,9 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Duende.IdentityServer" Version="7.3.2"/>
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.0" />
<PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
<PackageReference Include="Duende.IdentityServer" Version="7.4.4" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.1" />
<PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
</ItemGroup>

</Project>
Expand Up @@ -2,9 +2,9 @@
// Licensed under the MIT License. See LICENSE in the project root for license information.


using System.Buffers.Text;
using System.Text;
using System.Text.Json;
using Duende.IdentityModel;
using Microsoft.AspNetCore.Authentication;

namespace IdentityServerHost.Pages.Diagnostics;
Expand All @@ -18,7 +18,7 @@ public ViewModel(AuthenticateResult result)
if (result.Properties.Items.ContainsKey("client_list"))
{
var encoded = result.Properties.Items["client_list"];
var bytes = Base64Url.Decode(encoded);
var bytes = Base64Url.DecodeFromChars(encoded);
var value = Encoding.UTF8.GetString(bytes);

Clients = JsonSerializer.Deserialize<string[]>(value);
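Review bot: The `client_list` entry is looked up twice (`ContainsKey`, then the indexer) and then handed to `Base64Url.DecodeFromChars` and `JsonSerializer.Deserialize<string[]>` with no handling for a null or malformed value, so a bad entry would likely surface as an exception from the `ViewModel` constructor. A single lookup with a null check reads more clearly: `if (result.Properties.Items.TryGetValue("client_list", out var encoded) && encoded is not null)`. The decoded bytes could also go straight to `JsonSerializer.Deserialize<string[]>(bytes)`, which drops the `Encoding.UTF8.GetString` round trip. The constructor starts before this hunk and continues past it.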