欢迎您,
这是我第一次尝试使用Docker容器托管服务。我有两项服务:Integrity-Identity和Integrity-API。
Integrity-Identity使用的是IdentityServer4的最新版本。这是Integrity-Identity Startup.cs的配置:
public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityIdentityContext>(options =>
options.UseSqlServer(Configuration["connectionString"]));
services.AddIdentity<ApplicationUser, IdentityRole>()
.AddEntityFrameworkStores<IntegrityIdentityContext>()
.AddDefaultTokenProviders();
services.AddMvc();
services.AddIdentityServer(options => {
options.IssuerUri = null;
})
.AddSigningCredential(Certificate.Certificate.Get())
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddAspNetIdentity<ApplicationUser>()
.AddCorsPolicyService<InMemoryCorsPolicyService>();
RegisterEventBus(services);
services.AddTransient<Seeder>();
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
if (env.IsDevelopment()) {
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().AllowCredentials());
app.UseIdentityServer();
ConfigureEventBus(app);
app.UseMvcWithDefaultRoute();
}
这是Integrity-API Startup类:
public IServiceProvider ConfigureServices(IServiceCollection services) {
services.AddDbContext<IntegrityApiContext>(options =>
options.UseSqlServer(Configuration["secrets:connectionString"]));
services.AddMvcCore()
.AddAuthorization()
.AddJsonFormatters();
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.Authority = Configuration["IdentityUrl"];
options.ApiName = "integrity_api";
options.RequireHttpsMetadata = false;
});
services.AddCors(options => {
options.AddPolicy("CorsPolicy",
builder => builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials());
});
var container = new ContainerBuilder();
container.Populate(services);
return new AutofacServiceProvider(container.Build());
}
docker-compose.override.yml(我附上了附件,但不知道这个问题的重要性)
integrity.identity:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://0.0.0.0:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
ports:
- "5105:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
integrity.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443
- ASPNETCORE_HTTPS_PORT=443
- EventBusConnection=rabbitmq
- IdentityUrl=https://integrity.identity
- ApiUrl=https://integrity.api
ports:
- "5115:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
当我尝试从具有[Authorize]属性和生成的令牌的控制器获取资源时,Identity-API返回以下内容:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://integrity.identity/.well-known/openid-configuration'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServerAuthenticationHandler.cs:line 61
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
我忘记添加/.well-known/openid-configuration在浏览器中的工作原理,并且证书/ https是正确的,并且没有任何警告。
答案 0 :(得分:2)
我找到了解决此问题的方法。该问题是由自签名的本地证书引起的。对于本地开发,我只需要从HTTPS更改为HTTP。就是这样。