几年前,我使用以下代码通过 AWS Cognito 对 ASP .NET 网站进行身份验证,但这可能不是将密钥放入编译代码中的最佳解决方案。我很好奇推荐的方法是什么?应该使用身份中心吗?或者我应该使用凭证文件?我将如何处理将凭据放在生产服务器上?
string accessKey = "xxxxxxxxxx";
string secretKey = "xxxxxxxxxxx";
string poolId = Environment.GetEnvironmentVariable("cognito_pool_id");
string clientId = Environment.GetEnvironmentVariable("app_client_id");
string clientSecret = Environment.GetEnvironmentVariable("app_client_secret");
var awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
var cognitoClient = new AmazonCognitoIdentityProviderClient(awsCredentials, RegionEndpoint.USEast1);
var userPool = new CognitoUserPool(poolId, clientId, cognitoClient, clientSecret);
builder.Services.AddCognitoIdentity();
builder.Services.AddSingleton<IAmazonCognitoIdentityProvider>(cognitoClient);
builder.Services.AddSingleton<CognitoUserPool>(userPool);
builder.Services
.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie();
builder.Services
.ConfigureApplicationCookie(o =>
{
o.Cookie.HttpOnly = true;
o.ExpireTimeSpan = TimeSpan.FromHours(1);
o.SlidingExpiration = true;
o.LoginPath = "/Identity/Account/Login";
o.LogoutPath = "/Identity/Account/Logout";
});