问题描述
在Azure App服务上部署身份服务器时遇到问题.以下是设置.
I am having issue when deploying Identity server on Azure App services. Following is the setup.
JSclient本地托管.Auth Server在Azure App Service上.
JSclient is hosted locally.Auth Server is on Azure App Service.
var certificate = SSLHelper.GetCertificateCurrentUserMyStore(signingsslthumbprint);
builder
.AddSigningCredential(certificate)
.AddSecretParser<ClientAssertionSecretParser>()
.AddSecretValidator<PrivateKeyJwtSecretValidator>()
.AddAspNetIdentity<User>()
.AddProfileService<ProfileService>();
我已经创建了两个证书,一个用于签名,另一个用于交换.
I have created two certificates one for Signing and another for exchange.
`New-SelfsignedCertificateEx-主题"CN = devsignature" -EKU 1.3.6.1.5.5.7.3.3 -KeySpec"Signature" -KeyUsage"DigitalSignature" -StoreLocation"CurrentUser" -SAN $ domains -SignatureAlgorithm"SHA256"- KeyLength 2048 -FriendlyName"DevSignature" -NotAfter $([System.DateTime] :: Now.AddYears(15))-可导出
`New-SelfsignedCertificateEx -Subject "CN=devsignature" -EKU 1.3.6.1.5.5.7.3.3 -KeySpec "Signature" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DevSignature" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable
New-SelfsignedCertificateEx-主题"CN = *.mydomain.com" -EKU 1.3.6.1.5.5.7.3.1 -KeySpec"Exchange" -KeyUsage"DigitalSignature" -StoreLocation"CurrentUser" -SAN $ domains -SignatureAlgorithm"SHA256"-KeyLength 2048 -FriendlyName" DEVExchange"-NotAfter $([System.DateTime] :: Now.AddYears(15))-可导出`
New-SelfsignedCertificateEx -Subject "CN=*.mydomain.com" -EKU 1.3.6.1.5.5.7.3.1 -KeySpec "Exchange" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DEVExchange" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable`
以下是应用程序服务中的设置,用于检索所有证书.
Following is the in App Service settings for retriving all certificates.
当我在Windows机器上(而不是本地计算机,但在另一台服务器上)部署身份验证服务器时,此方法有效.但是,当我部署到IIS时...
This works when I deploy the auth server on Windows box (not local machine but on another server). However when I deploy to IIS ...
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext() | Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.Invoke
119 | 2017-05-14 20:32:04.4131 | RD0003FF635548 |错误| ExceptionHandlerMiddleware | AsyncTaskMethodBuilder.Start => d__8.MoveNext => ExceptionHandlerMiddleware.Invoke |发生未处理的异常:未配置签名证书.无法创建JWT tokenEXCEPTIONSystem.InvalidOperationException:未配置签名凭证.无法创建JWT令牌
119 | 2017-05-14 20:32:04.4131 | RD0003FF635548 | ERROR | ExceptionHandlerMiddleware | AsyncTaskMethodBuilder.Start => d__8.MoveNext => ExceptionHandlerMiddleware.Invoke | An unhandled exception has occurred: No signing credential is configured. Can't create JWT tokenEXCEPTIONSystem.InvalidOperationException: No signing credential is configured. Can't create JWT token
我正在使用Dev certificate(不是真正的).因此,这是用于分阶段部署.
I am using Dev cerificate (not real one). This is for staged deployment hence.
过去两天尝试过此操作,但无法使其正常工作.
Been trying this for last two days and cant get it to work.
这甚至没有击中api服务器.这只是当JSClient登录重定向到-> AuthServer时.
This is not even hitting api server. This is just when JSClient Login redirect to-> AuthServer.
有人可以帮忙吗?
谢谢
由于@moritzg和@Austin Dimmer,我对它有了进一步的了解.现在,当我使用令牌调用webapi时,将抛出"IDX10803:无法从以下位置获取配置:" https://myauthserver.com/.well-known/openid-configuration ".
I got it bit further Thanks to @moritzg and @Austin Dimmer. Now when I call the webapi using the token it throws me 'IDX10803: Unable to obtain configuration from: 'https://myauthserver.com/.well-known/openid-configuration'.
有什么主意吗?
以下是来自api服务器的调试日志
643 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | MoveNextRunner.InvokeMoveNext => <ReadAsync>d__16.MoveNext =>
LoggingStream.Log | ReadAsync [2266] 47 45 54 20 2F 61 70 69 2F 63 6F 6F 6D 6D 6F 6E 2F 63 61 74 61 ................获取/api/myendpoint HTTP/1.1缓存控制:无缓存连接:保持活动语法: 无缓存接受:文本/纯文本接受编码:gzip,deflate,sdch,br 接受语言:en-US,en; q = 0.8授权:不记名 eyJhbGciOiJSUzI1NiIsImtpZCI6IkVEQTYsdfsdfdsfsdfdsfdscHM6 ......... Cookie:ARRAffinity = e414d40c85d90229be06c3c9de2fzxczxczxc3....... 主机:myapiserver最大转发:10推荐人: https://myapiserver/swagger/用户代理:Mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebKit/537.36(KHTML,例如Gecko) Chrome/58.0.3029.110 Safari/537.36 X-Live升级:1 X-WAWS-未编码URL:/api/myendpoint X-原始URL:/api/myendpoint X-ARR-LOG-ID:7c2afdfe4c-d3ea-dfer-9570-ffgfgfgfgfd隐藏的主机: myapiserver X-SITE-DEPLOYMENT-ID:myapiserver WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net X-Forwarded-For:XXX.XXX.XXX.XXX:XXXXX, XXX.XXX.XXX.XXX:XXXXX X-ARR-SSL:2048 | 256 | C = XX,S = XXXXX,L = XXXXX, O = XXXX,OU = IT,CN = .mydoamin.com,E = xxx @ xxx.com | C = XX,S = XXXXX,L = XXXX, O = XXXXX,OU = IT,CN = .mydomain.com,E = xxx @ xxx.com MS-ASPNETCORE-TOKEN: XXX-XXX-XXX-XXXX-XXXXXXXXX X-Proto-Proto:https
LoggingStream.Log | ReadAsync[2266] 47 45 54 20 2F 61 70 69 2F 63 6F 6F 6D 6D 6F 6E 2F 63 61 74 61 ................ GET /api/myendpoint HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: text/plain Accept-Encoding: gzip, deflate, sdch, br Accept-Language: en-US,en;q=0.8 Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVEQTYsdfsdfdsfsdfdsfdscHM6......... Cookie: ARRAffinity=e414d40c85d90229be06c3c9de2fzxczxczxc3....... Host: myapiserver Max-Forwards: 10 Referer: https://myapiserver/swagger/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 X-LiveUpgrade: 1 X-WAWS-Unencoded-URL: /api/myendpoint X-Original-URL: /api/myendpoint X-ARR-LOG-ID: 7c2afdfe4c-d3ea-dfer-9570-ffgfgfgfgfd DISGUISED-HOST: myapiserver X-SITE-DEPLOYMENT-ID: myapiserver WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net X-Forwarded-For: XXX.XXX.XXX.XXX:XXXXX, XXX.XXX.XXX.XXX:XXXXX X-ARR-SSL: 2048|256|C=XX, S=XXXXX, L=XXXXX, O=XXXX, OU=IT, CN=.mydoamin.com, [email protected]|C=XX, S=XXXXX, L=XXXX, O=XXXXX, OU=IT, CN=.mydomain.com, [email protected] MS-ASPNETCORE-TOKEN: XXX-XXX-XXX-XXXX-XXXXXXXXX X-Forwarded-Proto: https
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 650 | RD0003FF635548 |调试| LoggingConnectionFilter | StreamSocketOutput.ProducingComplete => LoggingStream.Write => LoggingStream.Log |写[111] 48 54 54 50 2F 31 2E 31 20 35 30 30 20 49 6E 74 65 72 6E 61 6C 20 53 65 72 76 65 72 20 45 72 72 6F 72 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 31 37 20 4D 61 ...... HTTP/1.1 500 内部服务器错误日期:XXXXXXXXXXXXXXXXXXXXXX内容长度:0 服务器:红est
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 650 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | StreamSocketOutput.ProducingComplete => LoggingStream.Write => LoggingStream.Log | Write[111] 48 54 54 50 2F 31 2E 31 20 35 30 30 20 49 6E 74 65 72 6E 61 6C 20 53 65 72 76 65 72 20 45 72 72 6F 72 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 31 37 20 4D 61 ...... HTTP/1.1 500 Internal Server Error Date: XXXXXXXXXXXXXXXXXXXXXX Content-Length: 0 Server: Kestrel
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 651 | RD0003FF635548 |调试|红est | Frame.WriteSuffix => Connection.Microsoft.AspNetCore.Server.Kestrel.Internal.Http.IConnectionControl.End => KestrelTrace.ConnectionKeepAlive |连接ID"0HL4SVIU4EDP3"已完成,保持活动响应. | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ConnectionKeepAlive
| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 651 | RD0003FF635548 | DEBUG | Kestrel | Frame.WriteSuffix => Connection.Microsoft.AspNetCore.Server.Kestrel.Internal.Http.IConnectionControl.End => KestrelTrace.ConnectionKeepAlive | Connection id "0HL4SVIU4EDP3" completed keep alive response. | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ConnectionKeepAlive
以下是来自API服务器的错误日志
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()
| Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware + d__6.MoveNext 610 | RD0003FF635548 |错误|红est | d__2.MoveNext => Frame.ReportApplicationError => KestrelTrace.ApplicationError |连接ID"0HL4SVIU4EDP2": application.EXCEPTIONSystem.InvalidOperationException:IDX10803: 无法从以下位置获取配置: " https://myauthserver/.well-known/openid-configuration ". ---> System.IO.IOException:IDX10804:无法从以下位置检索文档: " https://myauthserver/.well-known/openid-configuration ". ---> System.Net.Http.HttpRequestException:发送时发生错误 请求. ---> System.Net.Http.WinHttpException:一个安全错误 发生在 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(任务任务)
在System.Net.Http.WinHttpHandler.d__105.MoveNext()
---内部异常堆栈跟踪的结尾---在System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) System.Net.Http.HttpClient.d__58.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() ---内部异常堆栈跟踪的结尾---在Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(任务任务)
在 Microsoft.IdentityModel.Protocols.ConfigurationManager 1.<GetConfigurationAsync>d__24.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager 1.d__24.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务)在System.Runtime.CompilerServices.TaskAwaiter 1.GetResult() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter 1.GetResult() 在 Microsoft.AspNetCore.Authentication.AuthenticationHandler 1.<InitializeAsync>d__52.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult() 1.d__18.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationMiddleware.d__7.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务),位于System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware
在 Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.d__7.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务),位于System.Runtime.CompilerServices.TaskAwaiter.GetResult()
在 Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()在 Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务),位于System.Runtime.CompilerServices.TaskAwaiter.GetResult()
在 Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务),位于System.Runtime.CompilerServices.TaskAwaiter.GetResult()
在 Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext() ---从上一个引发异常的位置开始的堆栈跟踪--- System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(任务 任务) System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(任务任务)
在 Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext() | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ApplicationError
| Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware+d__6.MoveNext 610 | RD0003FF635548 | ERROR | Kestrel | d__2.MoveNext => Frame.ReportApplicationError => KestrelTrace.ApplicationError | Connection id "0HL4SVIU4EDP2": An unhandled exception was thrown by the application.EXCEPTIONSystem.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://myauthserver/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'https://myauthserver/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at System.Net.Http.WinHttpHandler.d__105.MoveNext()
--- End of inner exception stack trace --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Net.Http.HttpClient.d__58.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.<GetConfigurationAsync>d__24.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.d__24.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.<InitializeAsync>d__52.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationMiddleware.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext() | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ApplicationError
在Identity Server(AuthServer)本身上没有生成日志.
No log being generated on Identity Server (AuthServer) itself.
我在调试日志中发现了以下有趣的地方
I find the following bit of interest in Debug log
WAS-DEFAULT-HOSTNAME:myapiserver.azurewebsites.net
WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net
这是指向Azurewebsite URL,而不是myapiserver.mydomain.com,我已在Azure域设置中对其进行了配置.不确定是否对此有任何影响,但是无论如何...
This is pointing to Azurewebsite url rather then myapiserver.mydomain.com which I have got it configured on azure domain settings. Not sure if this has any effect on this but anyway...
最终
我发现了这个问题的根源.基本上,在App服务中,您只能访问CurrentUser的个人存储,这意味着自签名证书将不起作用.您将需要购买一个真正的. (简化到Mircorsoft Azure!).
I have found out what the root of this problem. Basically in App service you can only access the CurrentUser's Personal store which means the Self-signed certificate will not work . You will need to purchase a real one. (Thumbs down to Mircorsoft Azure!).
谢谢
推荐答案
您确定设置正确吗?这是我们制作证书的方式:
Are you sure your setup is correct? This is the way we do the certificates:
- 将证书上传到Azure SSL
- 将
WEBSITE_LOAD_CERTIFICATES与指纹一起使用
- Upload Certificate to Azure SSL
- Use
WEBSITE_LOAD_CERTIFICATESwith the thumbprint
并在我的ConfigureServices中使用它:`
var certs = new X509Certificate2Collection();
if (CurrentEnvironment.IsDevelopment())
{
certs.Add(new X509Certificate2(Configuration["X509Certificate:CertificateName"], Configuration["X509Certificate:CertificatePassword"]));
} else
{
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
certs = store.Certificates.Find(X509FindType.FindByThumbprint, Configuration["WEBSITE_LOAD_CERTIFICATES"], false);
}
然后:.AddSigningCredential(certs[0])
这篇关于Identity Server 4部署在Azure App Service证书(dev)上的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!