Docker和身份服务器4,api,角度:无法分配请求的地址

时间:2019-07-08 09:52:29

标签: angular .net-core identityserver4

我在macOS中设置了一个docker(但应该在任何环境中都可以工作):

1)在容器中运行的身份服务器4

启动设置:

"MacTest": {
  "commandName": "Project",
  "environmentVariables": {
    "ASPNETCORE_HTTPS_PORT": "44000",
    "ASPNETCORE_ENVIRONMENT": "MacTest"
  },
  "applicationUrl": "https://0.0.0.0:44000" 
}

dockerfile(dockerfile-idp):

ENTRYPOINT ["dotnet", "run", "--launch-profile", "MacTest"]

作曲家:

identityserver:
image: idp
build: 
  context: .
  dockerfile: ./docker/dockerfile-idp
ports:
 - "9000:9000"
 - "44000:44000"
volumes:
 - .:/idp

2)一个APIsource在运行在容器上的身份服务器上进行身份验证: 启动设置:

"MacTest": {
  "commandName": "Project",
  "environmentVariables": {
    "ASPNETCORE_ENVIRONMENT": "MacLocalTest",
    "ASPNETCORE_HTTPS_PORT": 44100
  },
  "applicationUrl": "https://0.0.0.0:44100"
}

dockerfile(dockerfile-api):

ENTRYPOINT ["dotnet", "run", "--launch-profile", "MacTest"]

作曲家:

  api:
image: api
build: 
  context: .
  dockerfile: ./docker/dockerfile-api
ports:
 - "9100:9100"
 - "44100:44100"
volumes:
 - .:/api

3)在其他容器上运行的有角度的应用程序

问题: Angular登录页面可以连接到身份服务器,并可以获取有效的令牌...确定

它可以Api并检索公共数据...确定

但是它不能使用Authorize调用受保护的方法。我开始相信该api会尝试从身份服务器进行身份验证,但是由于某种原因它无法访问该服务器。

[HttpGet("info")]
[AppAuthorize]   => THIS NOT WORK 
public IActionResult Info()
{
...
}

错误:

System.Net.Sockets.SocketException (99): Cannot assign requested address
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
HttpRequestException: Cannot assign requested address
System.Net.Http.ConnectHelper.ConnectAsync(string host, int port, CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask<TResult>.get_Result()
System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
System.Threading.Tasks.ValueTask<TResult>.get_Result()
System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask<ValueTuple<HttpConnection, HttpResponseMessage>> creationTask)
System.Threading.Tasks.ValueTask<TResult>.get_Result()
System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, bool doRequestAuth, CancellationToken cancellationToken)
System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task<HttpResponseMessage> sendTask, HttpRequestMessage request, CancellationTokenSource cts, bool disposeCts)
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)

Show raw exception details
System.Net.Http.HttpRequestException: Cannot assign requested address ---> System.Net.Sockets.SocketException: Cannot assign requested address
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
IOException: IDX20804: Unable to retrieve document from: 'https://localhost:44000/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)

Show raw exception details
System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://localhost:44000/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: Cannot assign requested address ---> System.Net.Sockets.SocketException: Cannot assign requested address
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost:44000/.well-known/openid-configuration'.
Microsoft.IdentityModel.Protocols.ConfigurationManager<T>.GetConfigurationAsync(CancellationToken cancel)
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions>.AuthenticateAsync()
Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, string scheme)
IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServerAuthenticationHandler.cs
Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions>.AuthenticateAsync()
Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, string scheme)
Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore(HttpContext context)
Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

我正在尝试设置新的湿作业设置,但颇具挑战性,我什至不知道网络是否有问题。有人可以帮忙吗?

向你致敬

3 个答案:

答案 0 :(得分:1)

因此,您已经显示了很多IdentityServer的设置,但是没有显示很多API的设置。

我最好的选择是以下两个之一:

1)您尚未安装中间件并将其正确设置在API上。因此,API无法使用承载令牌执行任何操作。

摘自文档:Securing APIs 

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // base-address of your identityserver
        options.Authority = "https://demo.identityserver.io";

        // name of the API resource
        options.Audience = "api1";
    });

您需要添加权限(即IdentityServer),然后需要告诉IdentityServer它将保护API。所有这些都可以在文档中找到。

2)您的两个Docker容器之间的网络不允许它们相互通信。

尝试使用SSH连接到您的API的docker容器(谷歌如何做到这一点)。尝试使用cURL调用身份服务器,看看是否可以从API的Docker容器内部访问IP。如果无法执行此操作,则需要在两个Docker容器之间设置一个共享的内部网络。

答案 1 :(得分:0)

感谢您的帮助。我想我成功通过了这个错误,现在又出现了另一个错误:

AuthenticationException:根据验证过程,远程证书无效。

身份服务器启动:

services.AddAuthentication("Bearer")
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "https://localhost:44000";
                options.SupportedTokens = SupportedTokens.Jwt;
                // Note: Set to true in production
                options.RequireHttpsMetadata = true;
                options.ApiName = "api";
            });

Api启动:

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";
        })
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "https://idp:44000";
            options.RequireHttpsMetadata = true;
            options.ApiName = "api";
        });

我找不到任何解决方案。您认为有任何证书问题吗?

答案 2 :(得分:0)

我解决了我的问题(尚未使用https),但正常的工作流程得以解决。

如果有人遇到相同的问题,我推荐这篇文章: Exactly what I did but I have an angular app in plus

对于https,我建议: To get it work with https

这是非常具有挑战性的,仍然可以做,但是至少完成了这一令人讨厌的步骤。

相关问题
最新问题