欢迎,这是我第一次使用Docker容器来托管服务。我有两个服务:
这里是
Integrity-Identity
和Integrity-API
。
Integrity-Identity
正在使用最新版本的IdentityServer4。下面是Integrity-Identity
的Startup.cs
配置:public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityIdentityContext>(options =>
options.UseSqlServer(Configuration["connectionString"]));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<IntegrityIdentityContext>()
.AddDefaultTokenProviders();
services.AddMvc();
services.AddIdentityServer(options => {
options.IssuerUri = null;
})
.AddSigningCredential(Certificate.Certificate.Get())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddCorsPolicyService<InMemoryCorsPolicyService>();
RegisterEventBus(services);
services.AddTransient<Seeder>();
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials());
app.UseIdentityServer();
ConfigureEventBus(app);
app.UseMvcWithDefaultRoute();
}
这里是
Integrity-API
的Startup
类:public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityApiContext>(options =>
options.UseSqlServer(Configuration["secrets:connectionString"]));
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = Configuration["IdentityUrl"];
options.ApiName = "integrity_api";
options.RequireHttpsMetadata = false;
});
services.AddCors(options => {
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
docker-compose.override.yml
文件(我将其附加在此,但我不知道它对于这个问题是否重要)
integrity.identity:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://0.0.0.0:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
ports:
- "5105:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
integrity.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
- IdentityUrl=https://integrity.identity
- ApiUrl=https://integrity.api
ports:
- "5115:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
当我尝试使用生成的令牌从带有 [Authorize]
属性的控制器获取资源时,Identity-API
返回以下结果:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://integrity.identity/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServerAuthenticationHandler.cs:line 61
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
编辑 1
我忘记了添加 /.well-known/openid-configuration
可以在浏览器中使用,证书/https也是正确的,并且没有任何警告。