This article describes how an issue with Identity Server 4 deployed on Azure App Service with a (dev) certificate was handled.

Problem description

I am having an issue when deploying Identity Server on Azure App Services. Following is the setup.

JSclient is hosted locally. Auth Server is on Azure App Service.

    var certificate = SSLHelper.GetCertificateCurrentUserMyStore(signingsslthumbprint);
    builder
        .AddSigningCredential(certificate)
        .AddSecretParser<ClientAssertionSecretParser>()
        .AddSecretValidator<PrivateKeyJwtSecretValidator>()
        .AddAspNetIdentity<User>()
        .AddProfileService<ProfileService>();

I have created two certificates, one for signing and another for exchange.

    New-SelfsignedCertificateEx -Subject "CN=devsignature" -EKU 1.3.6.1.5.5.7.3.3 -KeySpec "Signature" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DevSignature" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable

    New-SelfsignedCertificateEx -Subject "CN=*.mydomain.com" -EKU 1.3.6.1.5.5.7.3.1 -KeySpec "Exchange" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DEVExchange" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable

Following are the settings in App Service for retrieving all certificates.

This works when I deploy the auth server on Windows box (not local machine but on another server). However when I deploy to IIS ...

   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext() | Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.Invoke

119 | 2017-05-14 20:32:04.4131 | RD0003FF635548 | ERROR | ExceptionHandlerMiddleware | AsyncTaskMethodBuilder.Start => d__8.MoveNext => ExceptionHandlerMiddleware.Invoke | An unhandled exception has occurred: No signing credential is configured. Can't create JWT tokenEXCEPTIONSystem.InvalidOperationException: No signing credential is configured. Can't create JWT token

I am using a dev certificate (not a real one). This is for staged deployment hence.

Been trying this for the last two days and can't get it to work.

This is not even hitting api server. This is just when JSClient Login redirect to-> AuthServer.

Can anyone help?

Thanks

I got it a bit further, thanks to @moritzg and @Austin Dimmer. Now when I call the webapi using the token it throws 'IDX10803: Unable to obtain configuration from: 'https://myauthserver.com/.well-known/openid-configuration'.

Any ideas?

Following is the debug log from the API server

643 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | MoveNextRunner.InvokeMoveNext => <ReadAsync>d__16.MoveNext => LoggingStream.Log | ReadAsync[2266] 47 45 54 20 2F 61 70 69 2F 63 6F 6F 6D 6D 6F 6E 2F 63 61 74 61 ................
GET /api/myendpoint HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: text/plain
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVEQTYsdfsdfdsfsdfdsfdscHM6.........
Cookie: ARRAffinity=e414d40c85d90229be06c3c9de2fzxczxczxc3.......
Host: myapiserver
Max-Forwards: 10
Referer: https://myapiserver/swagger/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
X-LiveUpgrade: 1
X-WAWS-Unencoded-URL: /api/myendpoint
X-Original-URL: /api/myendpoint
X-ARR-LOG-ID: 7c2afdfe4c-d3ea-dfer-9570-ffgfgfgfgfd
DISGUISED-HOST: myapiserver
X-SITE-DEPLOYMENT-ID: myapiserver
WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net
X-Forwarded-For: XXX.XXX.XXX.XXX:XXXXX, XXX.XXX.XXX.XXX:XXXXX
X-ARR-SSL: 2048|256|C=XX, S=XXXXX, L=XXXXX, O=XXXX, OU=IT, CN=.mydoamin.com, E=xxx@xxx.com|C=XX, S=XXXXX, L=XXXX, O=XXXXX, OU=IT, CN=.mydomain.com, E=xxx@xxx.com
MS-ASPNETCORE-TOKEN: XXX-XXX-XXX-XXXX-XXXXXXXXX
X-Forwarded-Proto: https
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log

650 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | StreamSocketOutput.ProducingComplete => LoggingStream.Write => LoggingStream.Log | Write[111] 48 54 54 50 2F 31 2E 31 20 35 30 30 20 49 6E 74 65 72 6E 61 6C 20 53 65 72 76 65 72 20 45 72 72 6F 72 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 31 37 20 4D 61 ......
HTTP/1.1 500 Internal Server Error
Date: XXXXXXXXXXXXXXXXXXXXXX
Content-Length: 0
Server: Kestrel
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log

651 | RD0003FF635548 | DEBUG | Kestrel | Frame.WriteSuffix => Connection.Microsoft.AspNetCore.Server.Kestrel.Internal.Http.IConnectionControl.End => KestrelTrace.ConnectionKeepAlive | Connection id "0HL4SVIU4EDP3" completed keep alive response. | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ConnectionKeepAlive

Following is the error log from the API server

at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()

| Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware+d__6.MoveNext

610 | RD0003FF635548 | ERROR | Kestrel | d__2.MoveNext => Frame.ReportApplicationError => KestrelTrace.ApplicationError | Connection id "0HL4SVIU4EDP2": An unhandled exception was thrown by the application.EXCEPTIONSystem.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://myauthserver/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'https://myauthserver/.well-known/openid-configuration'.
 ---> System.Net.Http.HttpRequestException: An error occurred while sending the request.
 ---> System.Net.Http.WinHttpException: A security error occurred
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at System.Net.Http.WinHttpHandler.d__105.MoveNext()
   --- End of inner exception stack trace ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.Http.HttpClient.d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__24.MoveNext()
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__24.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.<InitializeAsync>d__52.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationMiddleware.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext() | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ApplicationError

No log being generated on Identity Server (AuthServer) itself.

I find the following bit of interest in Debug log

WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net

This is pointing to the Azurewebsite URL rather than myapiserver.mydomain.com, which I have got configured in the Azure domain settings. Not sure if this has any effect on this but anyway...

Finally

I have found out what the root of this problem is. Basically, in App Service you can only access the CurrentUser's Personal store, which means the self-signed certificate will not work. You will need to purchase a real one. (Thumbs down to Microsoft Azure!).

Thanks

Recommended answer

Are you sure your setup is correct? This is the way we do the certificates:

  • Upload Certificate to Azure SSL
  • Use WEBSITE_LOAD_CERTIFICATES with the thumbprint

And use this in my ConfigureServices:

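    // Requires: using System.Security.Cryptography.X509Certificates;
    var certs = new X509Certificate2Collection();

    if (CurrentEnvironment.IsDevelopment())
    {
        // Development: load the certificate from a file, using the configured password.
        certs.Add(new X509Certificate2(Configuration["X509Certificate:CertificateName"], Configuration["X509Certificate:CertificatePassword"]));
    }
    else
    {
        // Otherwise: look the certificate up by thumbprint in the CurrentUser "My" store.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // Last argument is validOnly; false also returns certificates that do not chain to a trusted root.
        certs = store.Certificates.Find(X509FindType.FindByThumbprint, Configuration["WEBSITE_LOAD_CERTIFICATES"], false);
    }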

Then: .AddSigningCredential(certs[0])
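The lookup in the answer above, extended to fail at startup with a specific message instead of surfacing later as "No signing credential is configured" (an added example, not part of the original question or answer). `SigningCertificateLoader` and the `SIGNING_CERT_THUMBPRINT` variable are hypothetical names; a dedicated setting is assumed because WEBSITE_LOAD_CERTIFICATES may hold `*` or several comma-separated thumbprints, neither of which works as a FindByThumbprint value.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Added example. SigningCertificateLoader and SIGNING_CERT_THUMBPRINT are hypothetical names.
public static class SigningCertificateLoader
{
    // Thumbprints copied from the certificate dialog often carry spaces or an
    // invisible left-to-right mark; keep only the hex digits.
    public static string NormalizeThumbprint(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new ArgumentException("Signing certificate thumbprint is not configured.");
        var hex = new string(raw.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
        if (hex.Length != 40) // a SHA-1 thumbprint is 20 bytes
            throw new ArgumentException($"Thumbprint must be 40 hex digits, got {hex.Length}.");
        return hex;
    }

    public static X509Certificate2 Load(string rawThumbprint)
    {
        var thumbprint = NormalizeThumbprint(rawThumbprint);
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, otherwise a self-signed dev certificate is filtered out.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    $"Certificate {thumbprint} is not in CurrentUser\\My. " +
                    "Check that it was uploaded and is covered by WEBSITE_LOAD_CERTIFICATES.");

            var cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    $"Certificate {thumbprint} has no private key, so it cannot sign tokens.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException(
                    $"Certificate {thumbprint} is outside its validity period.");
            return cert;
        }
    }

    public static void Main()
    {
        try
        {
            var cert = Load(Environment.GetEnvironmentVariable("SIGNING_CERT_THUMBPRINT"));
            Console.WriteLine($"Loaded {cert.Subject}, expires {cert.NotAfter:u}");
            // In ConfigureServices the result would be passed to .AddSigningCredential(cert).
        }
        catch (Exception ex) when (ex is ArgumentException || ex is InvalidOperationException)
        {
            Console.Error.WriteLine(ex.Message);
            Environment.ExitCode = 1;
        }
    }
}
```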
