问题描述
这是我的设置
作为无状态可靠ASP.NET Core服务的IdentityServer 4.WebAPI作为可靠的ASP.NET Core服务.
an IdentityServer 4 as a stateless reliable ASP.NET Core service.a WebAPI as a reliable ASP.NET Core service.
将它们与JS客户端一起使用,现在可以与HTTP一起使用.问题出在HTTPS上. WebAPI需要通过htttps [is4URL].众所周知/openid配置来请求openID配置.我收到此错误
using them with a JS client, it is now working with HTTP. The problem is with HTTPS. The WebAPI needs to request the openID config via htttps [is4URL].well-known/openid-configuration. I'm getting this error
有人可以帮助我通过SF Local Cluster Manager在localhost中进行此工作吗?
can anybody help me to make this work in localhost with the SF Local Cluster Manager?
谢谢
推荐答案
这是我的两分钱,但需要验证...
Here's my two cents worth but it will need to be verified...
我假设您已经使用以下文章或类似内容创建了自签名证书,但是该证书具有相同的属性.
I am assuming that you have created a self-signed certificate using following article or similar but the certificate has same properties.
https://docs.microsoft.com/zh-CN/azure/app-service-web/web-sites-configure-ssl-certificate
这意味着无法通过实际的CA验证证书.当然,使用自签名证书是不可能的.
This means that the certificate can not be verified via actual CA. Ofcourse with self-signed certificate this is not possible.
现在,当您将证书上传到Azure App Service时,它将安装在CurrentUser-MyStore中.使用自签名证书,还需要将其安装在LocalMachine Root存储中.
Now when you upload the certificate to Azure App Service it installs in CurrentUser - MyStore. With self-signed certificate, it also needs to be installed in LocalMachine Root store.
这是因为,然后计算机的证书颁发机构可以验证该证书是否有效. (如果我错了,也许安全专家可以纠正我,但这就是我的理论).我在本地托管的Windows服务器上进行了相同的设置,在根证书存储区以及个人存储区中安装了自签名证书,并且该应用程序正常运行.这就是我相信这种情况发生的原因.
This is becouse then the machine's Certificate Authority can verify that certificate to be valid. (May be a security expert can correct me if I am wrong but thats my theory). I have got same setup on my locally hosted windows server where the self-signed certificate is installed in Root Certificate Store as well as Personal store and the app works. This is the reason I belive this happens.
因此,这部分需要验证.以下是向您展示如何在Azure App服务中执行此操作的文章.
So this part which needs to be verified. Following is the article which shows you how you can do this in Azure App service.
再次证明这是一个需要验证的理论. :)
AGAIN THIS IS JUST A THEORY THIS NEEDS TO BE VERIFIED. :)
我刚刚测试过,情况就是如此.在云服务中,您可以按照上面第二个链接所示进行操作,并创建Web Job,该Web Job在适当的商店中安装证书.
I have just tested this and it is the case. In cloud services you can do as shown in second link above and create Web Job which install certificate in appropriate store.
不幸的是,对于Azure App Service,您无权访问根存储.它必须安装在CurrentUser的个人商店中.这意味着自签名证书将不起作用,您必须购买真实的证书. :(我认为这是对Microsoft的真正拒绝.为什么我需要为我的开发/测试环境支付真实证书的费用?(Rant Over)
For Azure App Service unfortunaltly you dont have access to root store. It has to be install in CurrentUser's personal store. Which means the self signed certificate will not work, and you have to purchase a real certificate. :( I think this is a real thumb down to Microsoft. Why should I need to pay for real certificate for my dev/test environment? (Rant Over)
对于Service Fabric,您将需要了解如何在根存储以及个人存储中安装证书(如果可能的话).这是可能有用的链接
For Service Fabric you will need to find out how to install certificate in Root Store as well as personal store (if thats possible at all). Here's Links that might be useful
http://ronaldwildenberg.com/在ssl/上运行Azure Service Fabric集群本地
希望这会有所帮助.
这篇关于ServiceFabric本地群集中的HTTPS通信的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!