docker-compose服务:无法从主机获取配置:/。well-known / openid-configuration

时间:2019-05-19 05:50:47

标签: docker asp.net-core docker-compose identityserver4

我在容器中运行了两个ASP.NET Core服务。一个运行IdentityServer4,另一个运行受IdentityServer保护的API。

使用快速入门中提供的示例代码,我能够通过客户端凭据检索访问令牌,但是,当我尝试使用该令牌调用受保护的API时,我在HTTP响应中收到500个内部服务器错误,以及API中的以下错误:

Connection id "0HLMS3H54RQK4", Request id "0HLMS3H54RQK4:00000001": An unhandled exception was thrown by the application. app_service | System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'http://localhost:5000/.well-known/openid-configuration'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'http://localhost:5000/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: Cannot assign requested address ---> System.Net.Sockets.SocketException: Cannot assign requested address

我的API设置有以下身份验证设置:

    public void ConfigureServices(IServiceCollection services)
    {
        IdentityModelEventSource.ShowPII = true;

        services.AddMvcCore(config => config.Filters.Add(typeof(HttpGlobalExceptionFilter)))
            .AddAuthorization()
            .AddNewtonsoftJson();

        services.AddAuthentication(options => {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(options => 
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.Audience = "api1";
                // options.Configuration = new OpenIdConnectConfiguration();
            });
    }

如果将options.Configuration = new OpenIdConnectConfiguration();添加到配置中,并重复HTTP调用,我将收到401未经授权的HTTP响应,以及来自API的以下错误:

info: Microsoft.AspNetCore.Hosting.Internal.GenericWebHostService[1]
      Request starting HTTP/1.1 GET http://localhost:5001/api/symptom
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
      Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match keys:
kid: 'abf47ee27054a0c06ea623917aa66c86',
token: '{"alg":"RS256","kid":"abf47ee27054a0c06ea623917aa66c86","typ":"JWT"}.{"nbf":1558244904,"exp":1558248504,"iss":"http://localhost:5000","aud":["http://localhost:5000/resources","api1"],"client_id":"client","scope":["api1"]}'.
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
      Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match keys:
      kid: 'abf47ee27054a0c06ea623917aa66c86',
      token: '{"alg":"RS256","kid":"abf47ee27054a0c06ea623917aa66c86","typ":"JWT"}.{"nbf":1558244904,"exp":1558248504,"iss":"http://localhost:5000","aud":["http://localhost:5000/resources","api1"],"client_id":"client","scope":["api1"]}'.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[1]
      Route matched with {action = "Get", controller = "Symptom"}. Executing action AppService.Application.Controllers.SymptomController.Get (AppService.Application)
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
      Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match keys:
      kid: 'abf47ee27054a0c06ea623917aa66c86',
      token: '{"alg":"RS256","kid":"abf47ee27054a0c06ea623917aa66c86","typ":"JWT"}.{"nbf":1558244904,"exp":1558248504,"iss":"http://localhost:5000","aud":["http://localhost:5000/resources","api1"],"client_id":"client","scope":["api1"]}'.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[3]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes (Bearer).
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action AppService.Application.Controllers.SymptomController.Get (AppService.Application) in 3.9115ms
info: Microsoft.AspNetCore.Hosting.Internal.GenericWebHostService[2]
      Request finished in 15.5138ms 401

我的docker-compose.yml:

version: "3.7"

services:
  identityService:
    container_name: identity_service
    image: microsoft/dotnet:3.0-sdk
    tty: true
    ports:
      - 5000:80
    volumes:
      - ./services/IdentityService:/app
    working_dir: /app
    command: dotnet watch run

  appService:
    container_name: app_service
    depends_on:
      - identityService
    image: microsoft/dotnet:3.0-sdk
    ports:
      - 5001:80
    volumes:
      - ./services/AppService:/app
    working_dir: /app/AppService.Application
    command: dotnet watch run

有人知道我在做什么错吗?

0 个答案:

没有答案
相关问题
最新问题