2017-09-06 101 views

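I have IdentityServer4 with ASP.NET Identity and it is working, but when the server restarts the application redirects the user to sign in again. Identity Server with ASP.NET Identity id_token on server restart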

services.AddIdentityServer(options =>
    {
        options.Events.RaiseSuccessEvents = true;
        options.Events.RaiseFailureEvents = true;
        options.Events.RaiseErrorEvents = true;
        //options.Authentication.CookieLifetime = TimeSpan.FromSeconds(30);
        options.Authentication.CookieLifetime = TimeSpan.FromMinutes(20);
    })
    .AddSigningCredential(cert)
    //.AddInMemoryIdentityResources(Config.GetIdentityResources())
    //.AddInMemoryApiResources(Config.GetApiResources())
    //.AddInMemoryClients(Config.GetClients())
    //.AddTestUsers(Config.GetUsers());
    .AddConfigurationStore(builder =>
        builder.UseSqlServer(connectionString, options =>
            options.MigrationsAssembly(migrationsAssembly)))
    .AddOperationalStore(builder =>
        builder.UseSqlServer(connectionString, options =>
            options.MigrationsAssembly(migrationsAssembly)))
    .AddAspNetIdentity<ApplicationUser>()
    .AddProfileService<ProfileService>();

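With the access token I don't have any problem, because it is in the client browser in cookie format. It allows access to the resource regardless of a server restart.

But the id_token is the same case, yet when the request goes to the Idmsrv endpoint connect/authorize, it makes the user log in again.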

Answer


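Save the keys to disk rather than in memory, so that when the cookie comes back to the server to be decrypted with the key, the server will have the key.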

// Reference: https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/implementation/key-storage-providers

// Reference for persisting keys: http://www.tugberkugurlu.com/archive/asp-net-core-authentication-in-a-load-balanced-environment-with-haproxy-and-redis

services.AddDataProtection() //Microsoft.AspNetCore.DataProtection.Redis package
    .PersistKeysToFileSystem(new DirectoryInfo("F:\\Jana\\Certs\\Keys\\"));