连接到https：// localhost：5002 / .well-known / openid-configuration时出错

Question

我正在使用Identity Server 4和ASP.NET Core 2.1。

我有一个API和一个Auth应用程序，并尝试执行以下操作：

var discoveryClient = new DiscoveryClient("https://localhost:5002");

discoveryClient.Policy.RequireHttps = true;

var discovery = await discoveryClient.GetAsync();

if (discovery.IsError) 
  Console.WriteLine(discovery.Error);

但是我遇到了以下错误：

Error connecting to https://localhost:5002/.well-known/openid-configuration: 
The SSL connection could not be established
The remote certificate is invalid according to the validation procedure.

但是，如果我在浏览器中访问网址“ https://localhost:5002/.well-known/openid-configuration”，则会得到正确的信息，而不是错误。

我在做什么错了？

API应用程序具有以下配置：

public void ConfigureServices(IServiceCollection services) {

  services
    .AddMvc()
    .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

  services.AddRouting(x => { x.LowercaseUrls = true; });        

  services.AddHsts(x => {
    x.Preload = true;
    x.IncludeSubDomains = true;
    x.MaxAge = TimeSpan.FromDays(60);
  });

  services.AddHttpsRedirection(x => {
    x.RedirectStatusCode = StatusCodes.Status301MovedPermanently;
    x.HttpsPort = 5001;
  });        

  services.AddApiVersioning(x => {
    x.ApiVersionSelector = new CurrentImplementationApiVersionSelector(x);
    x.AssumeDefaultVersionWhenUnspecified = true;
    x.DefaultApiVersion = new ApiVersion(1, 0);
    x.ReportApiVersions = false;                 
  });      

  services.AddCors(x => {
    x.AddPolicy("AllowAll", y => y.AllowAnyMethod().AllowAnyOrigin().AllowAnyHeader());
  });

  services.AddAuthorization();

  services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(x => {
      x.ApiName = "api";
      x.Authority = "https://localhost:5002";
      x.RequireHttpsMetadata = false;
    });   

} // ConfigureServices

public void Configure(IApplicationBuilder application, IHostingEnvironment environment) {

  if (environment.IsDevelopment()) {        
    application.UseDeveloperExceptionPage();
  } else {
    application.UseHsts();         
  }      

  application.UseAuthentication();
  application.UseHttpsRedirection();      
  application.UseMvc();       

} // Configure

以及具有以下配置的Auth应用程序：

public void ConfigureServices(IServiceCollection services) {

  services
    .AddMvc()
    .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

  services.AddRouting(x => { x.LowercaseUrls = true; });        

  services.AddHsts(x => {
    x.Preload = true;
    x.IncludeSubDomains = true;
    x.MaxAge = TimeSpan.FromDays(60);
  });

  services.AddHttpsRedirection(x => {
    x.RedirectStatusCode = StatusCodes.Status301MovedPermanently;
    x.HttpsPort = 5002;
  });        

  services
    .AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients())
    .AddTestUsers(Config.GetTestUsers());

} // ConfigureServices

public void Configure(IApplicationBuilder application, IHostingEnvironment environment) {

  if (environment.IsDevelopment()) {        
    application.UseDeveloperExceptionPage();
  } else {
    application.UseHsts();        
  }      

  application.UseHttpsRedirection();

  application.UseIdentityServer();

  application.UseMvc();

} // Configure

其中定义客户端，资源和测试用户的配置为：

public class Config {

  public static List<ApiResource> GetApiResources() {
    return new List<ApiResource> { 
      new ApiResource("api", "API Resource")
    };
  }

  public static List<IdentityResource> GetIdentityResources() {
    return new List<IdentityResource> { 
      new IdentityResources.OpenId(),
      new IdentityResources.Profile()        
    };
  }

  public static List<Client> GetClients() {

    return new List<Client> { 

      new Client {                  
        ClientId = "app",
        ClientName = "APP Client",        
        ClientSecrets = { new Secret("app".Sha256()) },
        AllowedGrantTypes = GrantTypes.ClientCredentials,                
        AllowedScopes = { "api" }
      },

      new Client {
        ClientId = "mvc",
        ClientName = "MVC Client",
        ClientSecrets = { new Secret("mvc".Sha256()) },
        Enabled = true,
        AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
        AllowOfflineAccess = true,
        RequireConsent = false,
        RedirectUris = { "http://localhost:5002/signin-oidc" },
        PostLogoutRedirectUris = { "http://localhost:5002" },
        FrontChannelLogoutUri =  "http://localhost:5002/signout-oidc",
        AllowedScopes = {
          IdentityServerConstants.StandardScopes.OpenId,
          IdentityServerConstants.StandardScopes.Profile,
          IdentityServerConstants.StandardScopes.Email,
          "api"
        }
      },

      new Client {
        ClientId = "spa",
        ClientName = "SPA Client",
        ClientSecrets = { new Secret("spa".Sha256()) },          
        Enabled = true,
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,        
        RequireConsent = false,
        AllowedScopes = { 
          IdentityServerConstants.StandardScopes.OpenId,
          IdentityServerConstants.StandardScopes.Profile, 
          IdentityServerConstants.StandardScopes.Email,
          "api" 
        },
        RedirectUris = { "https://localhost:5000" },
        PostLogoutRedirectUris = { "https://localhost:5000/home" },
        AllowedCorsOrigins = { "https://localhost:5000" }
      }
    };
  }

  public static List<TestUser> GetTestUsers() {
    return new List<TestUser> { 
      new TestUser { SubjectId = "1", Username = "john", Password = "john", Claims = new List<Claim> { new Claim("name", "John") } },
    };
  }

} // Config