如何在 C# 中修复“IDX20804: 无法从：'[PII is hidden]'”的错误

首先，要解决这个问题，您需要找出错误在哪里。将以下代码放入您的 Startup.cs 中以显示真正的错误（不建议在生产环境中使用）：

app.UseDeveloperExceptionPage();

if (env.IsDevelopment())
{
    IdentityModelEventSource.ShowPII = true;
}

就我个人而言，在公司内部网络中本地运行时，我遇到了代理问题。

我遇到了以下问题

[IOException: IDX20804：无法从“[PII is hidden]”检索文档。] Microsoft.IdentityModel.Protocols.d__8.MoveNext() +662 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99 ... [InvalidOperationException：IDX20803：无法从“[PII is hidden]”获取配置。] Microsoft.IdentityModel.Protocols.d__24.MoveNext() +1586 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99

以下解决方案解决了我的问题。 我在startup.cs中添加了以下代码

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

注意：要获取有关异常的详细信息，请添加以下行。 您将能够更详细地了解此问题。

Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

当我创建一个新的 Blazor 应用程序时，遇到了类似的错误 -> Blazor 服务器应用程序，具有单独的用户帐户 -> 连接到云中的现有用户存储 (Azure AD B2C)。

IOException: IDX20807: 无法从 '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' 检索文档。HttpResponseMessage: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'，HttpResponseMessage.Content: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'。Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: 无法从 '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]' 获取配置。Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)
请确保在appsettings.json中将域设置为您的Azure AD B2C域，而不是完整的App ID URI。例如，使用<tenant-name>.onmicrosoft.com而不是<tenant-name>.onmicrosoft.com/api。还要查看appsettings.json中的AzureAdB2C ->实例。我将其默认值设置为https://login.microsoftonline.com/tfp，但它无效，当我将其更改为https://<tenant-name>.b2clogin.com/tfp/时，一切都开始正常工作。

我也一样，在没有任何成功的情况下阅读了以下内容。我的设置是工作的，但是当我尝试在另一台机器上加载它时，我遇到了这个问题。

以下是堆栈跟踪，我得到了两个不同应用程序的http状态码400和404。

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
   HIDDEN LINE
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.FeaturePolicy.FeaturePolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.ReferrerPolicy.ReferrerPolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XContentTypeOptions.XContentTypeOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XXssProtection.XXssProtectionMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XFrameOptions.XFrameOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.Csp.CspMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Mvc.ChallengeResult.ExecuteResultAsync(ActionContext context)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeResultAsync(IActionResult result)
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAlwaysRunResultFilters()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeFilterPipelineAsync()
   at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeAsync()
   at Microsoft.AspNetCore.Builder.RouterMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Builder.Extensions.MapWhenMiddleware.Invoke(HttpContext context)
   HIDDEN LINE
   at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.FeaturePolicy.FeaturePolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.ReferrerPolicy.ReferrerPolicyMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XContentTypeOptions.XContentTypeOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XXssProtection.XXssProtectionMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.XFrameOptions.XFrameOptionsMiddleware.Invoke(HttpContext context)
   at Joonasw.AspNetCore.SecurityHeaders.Csp.CspMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

其他讨论此错误的文章。

https://github.com/IdentityServer/IdentityServer4/issues/2337

https://github.com/IdentityServer/IdentityServer4/issues/2672

https://github.com/okta/samples-aspnetcore/issues/10

https://github.com/IdentityServer/IdentityServer4/issues/2186

解决方案： 事实证明，我没有在appsettings.json中配置AzureAD。 我忘记了使用我的User Secrets来配置AzureAD并提供有效凭据。

您需要将以下凭据设置为自己的AzureAd凭据。

{
  "AzureAd": {
    "TenantId": "SOMETHING.onmicrosoft.com",
    "ClientId": "SOMETHING",
    "ClientSecret": "SOMETHING"

  }
}

我遇到了同样的问题，这是因为它必须通过DockerNAT。 (可能并非每个人都获得此IP地址)
以下是我解决问题的方法：

1. 打开命令提示符
2. 键入ipconfig

您将会得到类似于以下内容：
Windows IP Configuration
Ethernet adapter vEthernet (DockerNAT):
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 10.0.75.1 Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :

3. Basically copy that IP address to your docker-compose.yml file

   services:

   webmvc:

   build:
   
     context: .\src\Web\WebMvc
   
     dockerfile: Dockerfile
   
   environment:
   
     - IdentityUrl=http://10.0.75.1:5000/ #Change IP and Port
   
   container_name: test
   
   ports:
   
     - "5200:80"
   
   networks:
   
     - frontend
   
   depends_on:
   
     - tokenserver #your identityserver4 service
   

4. Other things to check are:

请确保在您的Startup.cs文件的ConfigureServices方法（WebMvc项目）中包含以下内容，并且它们在您的yml文件中拼写正确。原始答案翻译成"最初的回答"。

        var identityUrl = Configuration.GetValue<string>("IdentityUrl");
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options => {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;             
            options.Authority = identityUrl.ToString();
            options.SignedOutRedirectUri = "http://localhost:5200/"; //Change to your mvc address
            options.ClientId ="mvc";
            options.ClientSecret = "secret";
            options.ResponseType =  "code id_token";
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.RequireHttpsMetadata = false;
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("offline_access");
            options.TokenValidationParameters = new TokenValidationParameters()
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

除此之外，您可能需要在防火墙上打开端口。在我的情况下，我必须打开5000端口。
a. 打开控制面板
b. 系统和安全
c. Windows Defender 防火墙
d. 高级设置
e. 入站规则 => 新建规则...
f. 规则类型 => 端口 ==> 点击下一步
g. 选择协议下的TCP
h. 特定本地端口 => 输入5000
i. 点击下一步 => 选择允许连接
j. 点击下一步
k. 我在何时应用规则下勾选了所有选项 l. 点击下一步 => 输入Docker端口 => 点击完成

我将以下代码添加到startup.cs中，问题得到了解决：

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

如果您在Visual Studio项目中遇到了Azure AD B2C的问题，请参考此链接：https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-blazor-server 简而言之，有一个工具可以帮助您配置所有设置。
这将为您节省大量的麻烦，因为需要正确设置许多必需的设置。

这是由于在IISExpress中设置了项目可运行选项，将其更改为项目名称即可解决。 有多个项目可运行选项，因此请在其他选项之前选择项目名称

我的问题通过在startup.cs文件的configuration方法中添加以下代码得到解决。 IdentityModelEventSource.ShowPII = true;