OpenIddict:两个或多个服务实例计数时出现401错误 [英] OpenIddict: 401 errors when two or more service instance count
问题描述
我有一个带有Angular2 UI的.NET Core应用程序,该应用程序在我使用OpenIddict进行保护的Service Fabric群集中运行.我遵循以下示例: https://github.com/openiddict/openiddict -samples/tree/master/samples/RefreshFlow
I have a .NET Core application with Angular2 UI running in a Service Fabric Cluster that I secured using OpenIddict. I followed this example: https://github.com/openiddict/openiddict-samples/tree/master/samples/RefreshFlow
当我只有一个无状态.NET Core应用程序的实例时,它会很好用.当我将实例计数增加到2时,身份验证失败,并且出现一堆401错误.看来我收到的令牌仅对该特定实例有用,而在其他实例上被拒绝. 我想我知道为什么会这样,但是我不确定该如何解决.
It works great when I only have one instance of the stateless .NET Core application. When I increase the instance count to two, the authentication fails and I get a bunch of 401 errors. It seems that the token I receive is only good for that particular instance and is rejected on the other instance. I think I understand why this is happening, but I’m not sure how to address it.
任何帮助将不胜感激.
推荐答案
OpenIddict依赖 ASP.NET核心数据保护堆栈,以生成和保护其授权码,刷新令牌和访问令牌(除非您明确选择JWT作为访问令牌格式).
OpenIddict relies on the ASP.NET Core Data Protection stack to generate and protect its authorization codes, refresh tokens and access tokens (unless you explicitly opt for JWT as the access token format).
为确保可以在实例之间读取这些令牌,必须将ASP.NET Core数据保护配置为共享同一密钥环.我建议阅读 Microsoft网站上的相关文档如果您需要有关此过程的更多信息.
To ensure these tokens can be read across instances, you must configure ASP.NET Core Data Protection to share the same key ring. I recommend reading the related documentation on Microsoft's website if you need more information about this procedure.
这篇关于OpenIddict:两个或多个服务实例计数时出现401错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
