Why "don't use app secrets in production". Is it encrypted secrets safe? It's very acceptable for app configuration, for example, your mentioned SendGrid for password recovery. Is it configuration secrets at all in server? Why do I prohibited? Just copy compiled from development to production and it works.
Startup.cs
public Startup(IConfiguration configuration)
{
Configuration = configuration;
var builder = new ConfigurationBuilder().AddUserSecrets<Startup>();
Konfiguration = builder.Build();
}
public IConfiguration Configuration { get; }
public IConfiguration Konfiguration { get; }
public void ConfigureServices(IServiceCollection services)
....
services.AddSingleton<IEmailSender, EmailSender>();
services.Configure<AuthMessageSenderOptions>(Configuration);
if (Configuration["SendGridKey"] != null)
return;
// linux'e secrets.json nenuskaitomas
services.Configure<AuthMessageSenderOptions>(options => {
options.SendGridKey = Konfiguration["SendGridKey"];
options.SendGridUser = Konfiguration["SendGridUser"];
});
}
HomeController.cs
private readonly IOptions<AuthMessageSenderOptions> _optionsAccessor;
public HomeController(..., IOptions<AuthMessageSenderOptions> optionsAccessor)
{
...
_optionsAccessor = optionsAccessor;
}
public IActionResult Index(...)
{
if (_optionsAccessor.Value.SendGridUser != null)
ModelState.AddModelError("", _optionsAccessor.Value.SendGridUser);
....
Go forward with "Enable account confirmation and password recovery"
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/accconfirm?view=aspnetcore-2.1&tabs=visual-studio#configure-email-provider
