Duende IdentityServer v6.1 to v6.2

This upgrade guide covers upgrading from Duende IdentityServer v6.1 to v6.2 (release notes).

What’s New

Duende IdentityServer 6.2 adds:

  • Support for .NET 7.0
  • A new option that can help filter unhandled exceptions out of the logs
  • Bug fixes and ongoing maintenance

There are no changes to the data stores in this release.

Step 1: Update NuGet package

In your IdentityServer host project, update the version of the NuGet. For example in your project file:

<PackageReference Include="Duende.IdentityServer" Version="6.1.0" />

would change to:

<PackageReference Include="Duende.IdentityServer" Version="6.2.0" />

Step 2: Verify Data Protection Configuration

IdentityServer depends on ASP.NET Data Protection. Data Protection encrypts and signs data using keys managed by ASP.NET. Those keys are isolated by application name, which by default is set to the content root path of the host. This prevents multiple applications from sharing encryption keys, which is necessary to protect your encryption against certain forms of attack. However, this means that if your content root path changes, the default settings for data protection will prevent you from using your old keys. Beginning in .NET 6, the content root path was normalized so that it ends with a directory separator. In .NET 7 that change was reverted. This means that your content root path might change if you upgrade from .NET 6 to .NET 7. This can be mitigated by explicitly setting the application name and removing the separator character. See Microsoft’s documentation for more information.

Step 3: Done!

That’s it. Of course, at this point you can and should test that your IdentityServer is updated and working properly.