无法从IdentityServer4获取配置

Question

无法从IdentityServer4获取配置

c#asp.net-coredocker-composeidentityserver4asp.net-core-webapi

9

欢迎，这是我第一次使用Docker容器来托管服务。我有两个服务：Integrity-Identity和Integrity-API。 Integrity-Identity正在使用最新版本的IdentityServer4。下面是Integrity-Identity的Startup.cs配置：

public IServiceProvider ConfigureServices(IServiceCollection services) {
        services.AddDbContext<IntegrityIdentityContext>(options =>
            options.UseSqlServer(Configuration["connectionString"]));

        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddEntityFrameworkStores<IntegrityIdentityContext>()
            .AddDefaultTokenProviders();

        services.AddMvc();

        services.AddIdentityServer(options => {
                options.IssuerUri = null;
            })
            .AddSigningCredential(Certificate.Certificate.Get())
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddAspNetIdentity<ApplicationUser>()
            .AddCorsPolicyService<InMemoryCorsPolicyService>();

        RegisterEventBus(services);
        services.AddTransient<Seeder>();

        var container = new ContainerBuilder();
        container.Populate(services);

        return new AutofacServiceProvider(container.Build());
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
        if (env.IsDevelopment()) {
            app.UseDeveloperExceptionPage();
        }

        app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials());
        app.UseIdentityServer();
        ConfigureEventBus(app);
        app.UseMvcWithDefaultRoute();
    }

这里是Integrity-API的Startup类：

public IServiceProvider ConfigureServices(IServiceCollection services) {
        services.AddDbContext<IntegrityApiContext>(options =>
            options.UseSqlServer(Configuration["secrets:connectionString"]));

        services.AddMvcCore()
            .AddAuthorization()
            .AddJsonFormatters();

        services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = Configuration["IdentityUrl"];
                options.ApiName = "integrity_api";
                options.RequireHttpsMetadata = false;
            });

        services.AddCors(options => { 
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader()
                    .AllowCredentials());
        });

        var container = new ContainerBuilder();
        container.Populate(services);

        return new AutofacServiceProvider(container.Build());
    }

docker-compose.override.yml文件（我将其附加在此，但我不知道它对于这个问题是否重要）

integrity.identity:
  environment:
    - ASPNETCORE_ENVIRONMENT=Development
    - ASPNETCORE_URLS=https://0.0.0.0:443
    - ASPNETCORE_HTTPS_PORT=443
    - EventBusConnection=rabbitmq
  ports:
    - "5105:443"
  volumes:
    - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

integrity.api:
  environment:
    - ASPNETCORE_ENVIRONMENT=Development
    - ASPNETCORE_URLS=https://+:443
    - ASPNETCORE_HTTPS_PORT=443
    - EventBusConnection=rabbitmq
    - IdentityUrl=https://integrity.identity
    - ApiUrl=https://integrity.api
  ports:
    - "5115:443"
  volumes:
    - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

当我尝试使用生成的令牌从带有 [Authorize] 属性的控制器获取资源时，Identity-API 返回以下结果：

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://integrity.identity/.well-known/openid-configuration'.
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServerAuthenticationHandler.cs:line 61
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

编辑 1

我忘记了添加 /.well-known/openid-configuration 可以在浏览器中使用，证书/https也是正确的，并且没有任何警告。

- ksymek

你有没有机会检查这是否有帮助？在IIS上托管时无法从'/.well-known/openid-configuration'获取配置。 - Dmitry Pavlov

它给了我另一个问题，但之前的错误仍然出现。 - ksymek

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- ksymek · Accepted Answer

3

我找到了解决这个问题的方法。问题是由于自签名的本地证书引起的。在本地开发中，我只需要从HTTPS更改为HTTP即可。就这样。

- ksymek

请问您能否详细说明一下您所说的将https更改为http是什么意思？您已经设置了options.RequireHttpsMetadata = false;。 - Abhijeet

我在运行 Docker Compose 中的身份验证时遇到了同样的问题，并且出现了错误“System.InvalidOperationException: IDX20803: 无法从以下位置获取配置：'http://localhost:44338/.well-known/openid-configuration”，您能否详细解释一下，我应该从哪里更改 HTTPS 为 HTTP？ - Saad Awan

我通过在VS中右键单击项目并更改设置来进行了更改。 - ksymek