请帮助你关注以下神秘&有趣的问题?
IIS网站:
IdentityServer(v 2.0.1) - 用于登录&获取clientToken的服务帐户(用于IdentityServerApi调用)
IdentityServerApi - 用于从DB获取用户数据
的WebSite1
WEBSITE2
WebSite3中
WebSite4
NewWebapp
IdentityServer中的Startup.cs包含所有网站的客户端 NewWebapp最近添加了与其他网站完全相同的配置(只有ReturnUrl不同)
经典(功能)场景是:
WebApp从IdentityServer获取clientToken,这用于对IdentityServerApi的所有请求(包含用户和其他数据)。
目前的行为是:
所有WebSites1-4都能正常工作。但是当NewWebapp尝试获取clientToken时,会出现以下错误:
例外:
System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)
at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)
at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at mySupply_project.Utils.RemoteUserApiProvider.<CallUserApi>d__7.MoveNext() in C:\tfs43\MySupply\MySupply-project-multilingual\mySupply-project\Utils\RemoteUserApiProvider.cs:line 91 InnerException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. Message: Exception StackTrace: at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult()
at mySupply_project.Utils.RemoteUserApiProvider.d__7.MoveNext() in C:\tfs43\MySupply\MySupply-project-multilingual\mySupply-project\Utils\RemoteUserApiProvider.cs:line 91
IdentityServer的TraceLog不包含任何有用的信息。
在Postman中进行测试时,请求处理得很好,clientToken&amp;在所有情况下都会正确返回数据(包括NewWebapp)。
拜托,有没有人知道可能出现什么问题? 非常感谢!
更新
RemoteUserApiProvider调用此方法:
public async Task<string> CallUserApi(string url)
{
var accesToken = ClientToken();
if (string.IsNullOrEmpty(accesToken))
return string.Empty;
try
{
using (var client = new HttpClient())
{
client.SetBearerToken(accesToken);
// turn off validation of a certificate for testing
CheckCertificationSettings();
_logger.LogInfo($"[CallUserApi] Url: {url}");
var result = await client.GetStringAsync(url);
return result;
}
}
catch (Exception ex)
{
_logger.LogException(ex, Source.IdentityServer);
return string.Empty;
}
}
此方法 CallUserApi 调用IdentityServerApi的url(通过https)。
要获取clientToken,通过https调用IdentityServer(而不是Api)。
答案 0 :(得分:0)
这似乎与身份相关的问题,RemoteUserApiProbider调用的URL是什么?检查URL的SSL是否在托管新客户端应用程序的同一个框中受信任。您可以使用powershell或浏览器
<强> 更新 :
尝试浏览this checklist以查看其中任何一个是否匹配