From 4dd04ff335721d86b0ed814dbbc2f8d57fc0a8a0 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 20 Apr 2026 09:28:00 +0300 Subject: [PATCH 1/4] docs: in readme replace reference to .net6.0 with .net8.0 WE2-1180 Signed-off-by: Sven Mitt --- example/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/example/README.md b/example/README.md index ad41bd2..f5970f0 100644 --- a/example/README.md +++ b/example/README.md @@ -219,7 +219,7 @@ To build the application, follow these steps: 4. Update the `OriginUrl` in the `appsettings.json` to match your production environment: ```sh - sed -i 's#"OriginUrl": "https://localhost:44391"#"OriginUrl": "https://example.com"#' WebEid.AspNetCore.Example/bin/Release/net6.0/publish/appsettings.json + sed -i 's#"OriginUrl": "https://localhost:44391"#"OriginUrl": "https://example.com"#' WebEid.AspNetCore.Example/bin/Release/net8.0/publish/appsettings.json ``` ### Building the Docker image From 8c6cbb4f31c92be80a4e54126d95b295443da2a9 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Mon, 25 May 2026 10:04:13 +0300 Subject: [PATCH 2/4] docs: in readme replace reference to new example location WE2-1180 Signed-off-by: Sven Mitt --- README.md | 4 ++-- example/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 54ed071..c4f0bab 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Additional information regarding the Web eID project can be found on the officia Complete the steps below to add support for secure authentication with eID cards to your ASP.NET Core web application backend. Instructions for the frontend are available [here](https://github.com/web-eid/web-eid.js). -See full example [here](https://github.com/web-eid/web-eid-asp-dotnet-example). +See full example [here](https://github.com/web-eid/web-eid-authtoken-validation-dotnet/tree/main/example). ## 1. Add the library to your project 
@@ -185,7 +185,7 @@ return new AuthTokenValidatorBuilder() A REST endpoint that issues challenge nonces is required for authentication. The endpoint must support `GET` requests. -In the following example, we are using the [ASP.NET Web APIs RESTful Web Services framework](https://dotnet.microsoft.com/apps/aspnet/apis) to implement the endpoint, see also full implementation [here](https://github.com/web-eid/web-eid-asp-dotnet-example/blob/main/src/WebEid.AspNetCore.Example/Controllers/Api/AuthController.cs). +In the following example, we are using the [ASP.NET Web APIs RESTful Web Services framework](https://dotnet.microsoft.com/apps/aspnet/apis) to implement the endpoint, see also full implementation [here](https://github.com/web-eid/web-eid-authtoken-validation-dotnet/blob/main/example/src/WebEid.AspNetCore.Example/Controllers/Api/AuthController.cs). ```cs using Microsoft.AspNetCore.Mvc; diff --git a/example/README.md b/example/README.md index f5970f0..6c5c857 100644 --- a/example/README.md +++ b/example/README.md 
@@ -69,7 +69,7 @@ Note that the URL **must not end with a slash** `/` and the URL must be the same ### 3. Configure the trusted certificate authority certificates -The algorithm, which performs the validation of the Web eID authentication token, needs to know which intermediate certificate authorities (CA) are trusted to issue the eID authentication certificates. CA certificates are loaded from `.cer` files in the profile-specific subdirectory of the [`Certificates` resource directory](https://github.com/web-eid/web-eid-asp-dotnet-example/tree/main/src/WebEid.AspNetCore.Example/Certificates). By default, Estonian eID test CA certificates are included in the `Development` profile and production CA certificates in the `Production` profile. +The algorithm, which performs the validation of the Web eID authentication token, needs to know which intermediate certificate authorities (CA) are trusted to issue the eID authentication certificates. CA certificates are loaded from `.cer` files in the profile-specific subdirectory of the [`Certificates` resource directory](https://github.com/web-eid/web-eid-authtoken-validation-dotnet/tree/main/example/src/WebEid.AspNetCore.Example/Certificates). By default, Estonian eID test CA certificates are included in the `Development` profile and production CA certificates in the `Production` profile. In case you need to provide your own CA certificates, add the `.cer` files to the `src/WebEid.AspNetCore.Example/Certificates/{Dev,Prod}` profile-specific directory. 
@@ -91,7 +91,7 @@ Set up the `libdigidocpp` library as follows: 1. Add RIA repository to install the official _libdigidocpp-csharp_ package: ```sh - wget https://github.com/web-eid/web-eid-asp-dotnet-example/raw/main/src/ria_public_key.gpg + wget https://raw.githubusercontent.com/web-eid/web-eid-authtoken-validation-dotnet/refs/heads/main/example/src/ria_public_key.gpg cp ria_public_key.gpg /usr/share/keyrings/ria-repository.gpg echo "deb [signed-by=/usr/share/keyrings/ria-repository.gpg] https://installer.id.ee/media/ubuntu/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/ria-repository.list ``` From d5698e47e6e02f0580f1818c61b9f5dd6ebfe60c Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Fri, 29 May 2026 12:15:04 +0300 Subject: [PATCH 3/4] build: use local gpg file WE2-1180 Signed-off-by: Sven Mitt --- .github/workflows/dotnet-build-example.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/dotnet-build-example.yml b/.github/workflows/dotnet-build-example.yml index 6f9f2e7..254bac5 100644 --- a/.github/workflows/dotnet-build-example.yml +++ b/.github/workflows/dotnet-build-example.yml @@ -37,11 +37,8 @@ jobs: - name: Install dependencies run: dotnet restore src/WebEid.AspNetCore.Example.sln --source "https://gitlab.com/api/v4/projects/35362906/packages/nuget/index.json" --source "https://api.nuget.org/v3/index.json" - - name: Download RIA repository public key - run: wget https://github.com/web-eid/web-eid-asp-dotnet-example/raw/main/src/ria_public_key.gpg - - name: Copy RIA repository key to keyrings - run: sudo cp ria_public_key.gpg /usr/share/keyrings/ria-repository.gpg + run: sudo cp src/ria_public_key.gpg /usr/share/keyrings/ria-repository.gpg - name: Add RIA repository to APT run: | From 73cd3cb9f1fb0382e25ec16615caa4f68a703265 Mon Sep 17 00:00:00 2001 From: Sven Mitt Date: Sat, 30 May 2026 12:59:52 +0300 Subject: [PATCH 4/4] docs: separate docker instructions for a quickstart and building own docker image WE2-1180 
Signed-off-by: Sven Mitt --- example/README.md | 50 +++++++++++++++--- example/src/Dockerfile | 6 ++- .../Dev/self-signed-server-certificate.pfx | Bin 0 -> 2383 bytes example/src/docker-compose.yml | 7 ++- 4 files changed, 52 insertions(+), 11 deletions(-) create mode 100644 example/src/WebEid.AspNetCore.Example/Certificates/Dev/self-signed-server-certificate.pfx diff --git a/example/README.md b/example/README.md index 6c5c857..419aed7 100644 --- a/example/README.md +++ b/example/README.md @@ -17,6 +17,14 @@ The ASP.NET web application makes use of the following technologies: Complete the steps below to run the example application in order to test authentication and digital signing with Web eID. +```sh +cd example/src +docker compose up +``` +This will start a prebuilt docker image with self-signed certificate on https://localhost:8443 + +## Setup for Development + ### 1. Add the Web eID authentication token validation library to your project #### When using Visual Studio @@ -175,9 +183,10 @@ See the [Web eID Java example application documentation](https://github.com/web- You are running in the `Development` profile, but you have not created an empty file named `EE_T.xml` for TSL cache. Creating the file is mandatory and is described in more detail in the [_Using test TSL lists_](https://github.com/open-eid/libdigidocpp/wiki/Using-test-TSL-lists#preconditions) section of the `libdigidocpp` wiki. -## Building and running with Docker on Ubuntu Linux +## Building and running example web application with Docker on Ubuntu Linux -This section covers the steps required to build the application on an Ubuntu Linux environment and run it using Docker. +In case you want to use web-eid-authtoken-validation-dotnet in your web app, +then please follow these steps in this chapter to build a Docker image in Ubuntu Linux environment. ### Prerequisites 
@@ -186,13 +195,24 @@ Before you begin, ensure you have the following installed on your system: - .NET SDK 8.0 - libdigidocpp-csharp -You can install them using the following command: +You can install them using the following commands: +Add RIA repository to install the official _libdigidocpp-csharp_ package: +```sh +cp src/ria_public_key.gpg /usr/share/keyrings/ria-repository.gpg +echo "deb [signed-by=/usr/share/keyrings/ria-repository.gpg] https://installer.id.ee/media/ubuntu/ $(lsb_release -cs) main" | sudo -s tee /etc/apt/sources.list.d/ria-repository.list +sudo apt update +``` +then install the packages ```sh sudo apt install dotnet-sdk-8.0 libdigidocpp-csharp ``` +Add a NuGet package source for web-eid-authtoken-validation-dotnet library: -Note: Before installing `libdigidocpp-csharp` you have to have added the RIA repository as a package source. See [For Ubuntu Linux section](#for-ubuntu-linux) for information. +```sh +dotnet nuget add source https://gitlab.com/api/v4/projects/35362906/packages/nuget/index.json --name "Web eID GitLab" +``` +If last command ends with error message, then it is already added and you can move to next step: `error: The name specified has already been added to the list of available package sources. Provide a unique name.` ### Building the application @@ -201,7 +221,7 @@ To build the application, follow these steps: 1. Navigate to the `src` directory: ```sh - cd src + cd example/src ``` 2. Copy the necessary DigiDoc C# library files into your project: 
@@ -216,10 +236,9 @@ To build the application, follow these steps: dotnet publish --configuration Release WebEid.AspNetCore.Example.sln ``` -4. Update the `OriginUrl` in the `appsettings.json` to match your production environment: - +4. Update the `OriginUrl` in the `appsettings.json` to match your production environment. Please replace https://localhost:8443 with your actual domain name where you intend to run the application: ```sh - sed -i 's#"OriginUrl": "https://localhost:44391"#"OriginUrl": "https://example.com"#' WebEid.AspNetCore.Example/bin/Release/net8.0/publish/appsettings.json + sed -i 's#"OriginUrl": "https://localhost:44391"#"OriginUrl": "https://localhost:8443"#' WebEid.AspNetCore.Example/bin/Release/net8.0/publish/appsettings.json ``` ### Building the Docker image @@ -232,6 +251,21 @@ docker build -t web-eid-asp-dotnet-example . This command builds a Docker image named `web-eid-asp-dotnet-example` using the `Dockerfile` in the current directory. +In order to test the created image, use the example/src/docker-compose.yml. +You will need to replace the official image with the one you just built. +Comment out the official image and add local: +``` +... + #image: registry.gitlab.com/web-eid/service/web-eid-authentication-token-validation-dotnet/web-eid-asp-dotnet-example + image: web-eid-asp-dotnet-example:latest +... +``` + +Then just run: +```sh +docker compose up +``` + ## Running the Docker container with HTTPS support To enable HTTPS support for the .NET application, you have two primary options: diff --git a/example/src/Dockerfile b/example/src/Dockerfile index 33b8ad1..c02568b 100644 --- a/example/src/Dockerfile +++ b/example/src/Dockerfile 
@@ -15,8 +15,12 @@ RUN echo "deb [signed-by=/usr/share/keyrings/ria-repository.gpg] https://install COPY ./WebEid.AspNetCore.Example/bin/Release/net8.0/publish/ . +COPY ./WebEid.AspNetCore.Example/Certificates/Dev/self-signed-server-certificate.pfx /https/self-signed-server-certificate.pfx + ENV ASPNETCORE_ENVIRONMENT=Production +ENV ASPNETCORE_URLS="https://+:443" +ENV ASPNETCORE_Kestrel__Certificates__Default__Path=/https/self-signed-server-certificate.pfx -EXPOSE 80 +EXPOSE 443 ENTRYPOINT ["dotnet", "WebEid.AspNetCore.Example.dll"] 
diff --git a/example/src/WebEid.AspNetCore.Example/Certificates/Dev/self-signed-server-certificate.pfx b/example/src/WebEid.AspNetCore.Example/Certificates/Dev/self-signed-server-certificate.pfx new file mode 100644 index 0000000000000000000000000000000000000000..0aa33492888410a72be92c2abcc10136f9fc8253 GIT binary patch literal 2383
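Review bot: In the `@@ -91,7 +91,7 @@` hunk of example/README.md (PATCH 2/4), the new `wget` line fetches `ria_public_key.gpg` from `refs/heads/main`, a mutable branch ref, and the next line copies it straight into `/usr/share/keyrings/` as the `signed-by` key for the RIA APT source with no verification step in between. A reader following these instructions has normally cloned the repository already, so consider pointing at the checked-out `example/src/ria_public_key.gpg` instead, as PATCH 3/4 does for the workflow, or pin the URL to a commit and print the key fingerprint to compare before the `cp`.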
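Review bot: The added `cp src/ria_public_key.gpg /usr/share/keyrings/ria-repository.gpg` line in the Prerequisites hunk (`@@ -186,13 +195,24 @@`, PATCH 4/4) runs without `sudo` while the `tee` and `apt update` lines after it use `sudo`, so the copy fails for a non-root user. The `src/` relative path also assumes the reader is in `example/`, whereas step 1 of the build now says `cd example/src`. Suggest `sudo cp`, stating the working directory once at the top of the section, and plain `sudo tee` in place of `sudo -s tee`, since the `-s` shell adds nothing here. The hunk also drops the pointer to the "For Ubuntu Linux" section, which after PATCH 2/4 still uses `wget` and a `>` redirect, so the two copies of the repository setup now differ.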
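Review bot: In step 4 of the `@@ -216,10 +236,9 @@` hunk (PATCH 4/4), the sentence asks the reader to replace `https://localhost:8443` with their own domain, but the `sed` command now writes `https://localhost:8443` into the published `appsettings.json`, so a copy-pasted build ships a localhost `OriginUrl` under a step that says it matches the production environment. Suggest keeping an obviously non-local placeholder in the command (the previous `https://example.com`, or a shell variable the reader must set) and mentioning the `8443` value only for the compose-based local test. The blank line between the list item text and the code fence was also removed, which some Markdown renderers need for the fence to nest under item 4.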
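Review bot: The compose snippet added in the `@@ -232,6 +251,21 @@` hunk (PATCH 4/4) shows the registry image with no tag or digest, while the local replacement is `web-eid-asp-dotnet-example:latest`, and it asks the reader to hand-edit a tracked file to switch between the two. Consider pinning the published image to a version tag or digest, and letting the reader override the image without editing `docker-compose.yml` (for example through an environment variable substitution in the `image:` value). The snippet's fence has no language tag where the surrounding fences use `sh`; `yaml` would fit.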
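Review bot: The Dockerfile hunk (`@@ -15,8 +15,12 @@`, PATCH 4/4) copies `Certificates/Dev/self-signed-server-certificate.pfx` into the image and sets it as the Kestrel default certificate while `ASPNETCORE_ENVIRONMENT=Production` stays in place, so every image built from this file serves TLS with a private key that is committed to the repository (the new binary file in this same patch). That is acceptable for the quickstart, but the README section on building your own image uses this same Dockerfile. Suggest leaving the PFX out of the image and mounting it at runtime from `docker-compose.yml`, or at minimum adding a comment above the `COPY` that the certificate is for local testing only and must be replaced. No `ASPNETCORE_Kestrel__Certificates__Default__Password` is set in this hunk, so it is worth stating in the README where the PFX password comes from.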