欢迎,
这是我第一次尝试使用Docker容器托管服务。我有两项服务:Integrity-Identity
和Integrity-API
。Integrity-Identity
使用的是IdentityServer4的最新版本。这是Integrity-Identity
Startup.cs
配置:
public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityIdentityContext>(options =>
options.UseSqlServer(Configuration["connectionString"]));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<IntegrityIdentityContext>()
.AddDefaultTokenProviders();
services.AddMvc();
services.AddIdentityServer(options => {
options.IssuerUri = null;
})
.AddSigningCredential(Certificate.Certificate.Get())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddCorsPolicyService<InMemoryCorsPolicyService>();
RegisterEventBus(services);
services.AddTransient<Seeder>();
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials());
app.UseIdentityServer();
ConfigureEventBus(app);
app.UseMvcWithDefaultRoute();
}
这是
Integrity-API
Startup
类:public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityApiContext>(options =>
options.UseSqlServer(Configuration["secrets:connectionString"]));
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = Configuration["IdentityUrl"];
options.ApiName = "integrity_api";
options.RequireHttpsMetadata = false;
});
services.AddCors(options => {
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
docker-compose.override.yml
(我将其附加,但我不知道此问题的重要性)integrity.identity:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://0.0.0.0:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
ports:
- "5105:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
integrity.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
- IdentityUrl=https://integrity.identity
- ApiUrl=https://integrity.api
ports:
- "5115:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
当我尝试使用
[Authorize]
属性和生成的 token 从 Controller 获取资源时,Identity-API
返回以下内容:System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://integrity.identity/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServerAuthenticationHandler.cs:line 61
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
编辑1
我忘了添加
/.well-known/openid-configuration
在浏览器中可以使用,并且证书/https是正确的并且可以在没有任何警告的情况下工作。 最佳答案
我找到了解决此问题的方法。该问题是由自签名的本地证书引起的。对于本地开发,我只需要从HTTPS更改为HTTP。就是这样。
关于c# - 无法从IdentityServer4获取配置,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/53483600/