Identity server 4 deployment on Azure App Service Certificate (dev) issue

Problem description

I am having an issue when deploying Identity server on Azure App services. Following is the setup.

JSclient is hosted locally. Auth Server is on Azure App Service.

    var certificate = SSLHelper.GetCertificateCurrentUserMyStore(signingsslthumbprint);
    builder
        .AddSigningCredential(certificate)
        .AddSecretParser<ClientAssertionSecretParser>()
        .AddSecretValidator<PrivateKeyJwtSecretValidator>()
        .AddAspNetIdentity<User>()
        .AddProfileService<ProfileService>();

I have created two certificates, one for Signing and another for exchange.

`New-SelfsignedCertificateEx -Subject "CN=devsignature" -EKU 1.3.6.1.5.5.7.3.3 -KeySpec "Signature" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DevSignature" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable`

`New-SelfsignedCertificateEx -Subject "CN=*.mydomain.com" -EKU 1.3.6.1.5.5.7.3.1 -KeySpec "Exchange" -KeyUsage "DigitalSignature" -StoreLocation "CurrentUser" -SAN $domains -SignatureAlgorithm "SHA256" -KeyLength 2048 -FriendlyName "DEVExchange" -NotAfter $([System.DateTime]::Now.AddYears(15)) -Exportable`

Following is the App Service setting for retrieving all certificates.

This works when I deploy the auth server on Windows box (not local machine but on another server). However when I deploy to IIS ...

   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext() | Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.Invoke

119 | 2017-05-14 20:32:04.4131 | RD0003FF635548 | ERROR | ExceptionHandlerMiddleware | AsyncTaskMethodBuilder.Start => d__8.MoveNext => ExceptionHandlerMiddleware.Invoke | An unhandled exception has occurred: No signing credential is configured. Can't create JWT tokenEXCEPTIONSystem.InvalidOperationException: No signing credential is configured. Can't create JWT token

I am using a Dev certificate (not a real one). This is for staged deployment hence.

Been trying this for the last two days and can't get it to work.

This is not even hitting api server. This is just when JSClient Login redirect to-> AuthServer.

Can anybody help?

Thanks

I got it a bit further, thanks to @moritzg and @Austin Dimmer. Now when I call the webapi using the token it throws me 'IDX10803: Unable to obtain configuration from: 'https://myauthserver.com/.well-known/openid-configuration'.

Any ideas?

Following is the debug log from the api server

643 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | MoveNextRunner.InvokeMoveNext => <ReadAsync>d__16.MoveNext =>

LoggingStream.Log | ReadAsync[2266] 47 45 54 20 2F 61 70 69 2F 63 6F 6F 6D 6D 6F 6E 2F 63 61 74 61 ................ GET /api/myendpoint HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: text/plain Accept-Encoding: gzip, deflate, sdch, br Accept-Language: en-US,en;q=0.8 Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IkVEQTYsdfsdfdsfsdfdsfdscHM6......... Cookie: ARRAffinity=e414d40c85d90229be06c3c9de2fzxczxczxc3....... Host: myapiserver Max-Forwards: 10 Referer: https://myapiserver/swagger/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 X-LiveUpgrade: 1 X-WAWS-Unencoded-URL: /api/myendpoint X-Original-URL: /api/myendpoint X-ARR-LOG-ID: 7c2afdfe4c-d3ea-dfer-9570-ffgfgfgfgfd DISGUISED-HOST: myapiserver X-SITE-DEPLOYMENT-ID: myapiserver WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net X-Forwarded-For: XXX.XXX.XXX.XXX:XXXXX, XXX.XXX.XXX.XXX:XXXXX X-ARR-SSL: 2048|256|C=XX, S=XXXXX, L=XXXXX, O=XXXX, OU=IT, CN=.mydoamin.com, E=xxx@xxx.com|C=XX, S=XXXXX, L=XXXX, O=XXXXX, OU=IT, CN=.mydomain.com, E=xxx@xxx.com MS-ASPNETCORE-TOKEN: XXX-XXX-XXX-XXXX-XXXXXXXXX X-Forwarded-Proto: https

| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 650 | RD0003FF635548 | DEBUG | LoggingConnectionFilter | StreamSocketOutput.ProducingComplete => LoggingStream.Write => LoggingStream.Log | Write[111] 48 54 54 50 2F 31 2E 31 20 35 30 30 20 49 6E 74 65 72 6E 61 6C 20 53 65 72 76 65 72 20 45 72 72 6F 72 0D 0A 44 61 74 65 3A 20 57 65 64 2C 20 31 37 20 4D 61 ...... HTTP/1.1 500 Internal Server Error Date: XXXXXXXXXXXXXXXXXXXXXX Content-Length: 0 Server: Kestrel

| Microsoft.AspNetCore.Server.Kestrel.Filter.Internal.LoggingStream.Log 651 | RD0003FF635548 | DEBUG | Kestrel | Frame.WriteSuffix => Connection.Microsoft.AspNetCore.Server.Kestrel.Internal.Http.IConnectionControl.End => KestrelTrace.ConnectionKeepAlive | Connection id "0HL4SVIU4EDP3" completed keep alive response. | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ConnectionKeepAlive

Following is the error log from the API server

at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()

| Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware+d__6.MoveNext 610 | RD0003FF635548 | ERROR | Kestrel | d__2.MoveNext => Frame.ReportApplicationError => KestrelTrace.ApplicationError | Connection id "0HL4SVIU4EDP2": An unhandled exception was thrown by the application.EXCEPTIONSystem.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://myauthserver/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'https://myauthserver/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.Http.WinHttpException: A security error occurred at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at System.Net.Http.WinHttpHandler.d__105.MoveNext()
--- End of inner exception stack trace --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Net.Http.HttpClient.d__58.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.<GetConfigurationAsync>d__24.MoveNext() --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.d__24.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter1.GetResult() at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.<InitializeAsync>d__52.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware
1.d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationMiddleware.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.d__7.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.d__6.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.d__8.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.AspNetCore.Hosting.Internal.RequestServicesContainerMiddleware.d__3.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.Frame`1.d__2.MoveNext() | Microsoft.AspNetCore.Server.Kestrel.Internal.KestrelTrace.ApplicationError

No log being generated on Identity Server (AuthServer) itself.

I find the following bit of interest in Debug log

WAS-DEFAULT-HOSTNAME: myapiserver.azurewebsites.net

This is pointing to the Azurewebsite url rather than myapiserver.mydomain.com, which I have got configured in the Azure domain settings. Not sure if this has any effect on this but anyway...

Finally

I have found out what the root of this problem is. Basically in App service you can only access the CurrentUser's Personal store, which means the self-signed certificate will not work. You will need to purchase a real one. (Thumbs down to Microsoft Azure!).

Thanks

Recommended answer

Are you sure your setup is correct? This is the way we do the certificates:

  • Upload Certificate to Azure SSL
  • Use WEBSITE_LOAD_CERTIFICATES with the thumbprint

And use this in my ConfigureServices:

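    var certs = new X509Certificate2Collection();

    if (CurrentEnvironment.IsDevelopment())
    {
        // Development: load the certificate (with its private key) from a file on disk.
        certs.Add(new X509Certificate2(Configuration["X509Certificate:CertificateName"], Configuration["X509Certificate:CertificatePassword"]));
    }
    else
    {
        // Azure App Service: certificates named in WEBSITE_LOAD_CERTIFICATES are
        // made available in the CurrentUser\My store.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // validOnly is false so that a self-signed certificate is returned as well.
        certs = store.Certificates.Find(X509FindType.FindByThumbprint, Configuration["WEBSITE_LOAD_CERTIFICATES"], false);
        store.Close();
    }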

And then: .AddSigningCredential(certs[0])
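
A fail-fast variant of the store lookup in the answer above, as an added example that is not part of the original posts or of IdentityServer4. `SigningCertificateLoader` and `LoadFromCurrentUserStore` are hypothetical names, and the code assumes the configured value is a single SHA-1 thumbprint; a missing certificate, a missing private key or an expired certificate is reported at startup with the reason.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for illustration; not an IdentityServer4 API.
public static class SigningCertificateLoader
{
    public static X509Certificate2 LoadFromCurrentUserStore(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException(
                "No signing certificate thumbprint is configured.");

        // Thumbprints pasted from the certificate dialog often carry spaces or an
        // invisible leading character, so keep the hex digits only.
        var clean = new string(
            Array.FindAll(thumbprint.ToCharArray(), Uri.IsHexDigit)).ToUpperInvariant();
        if (clean.Length != 40)
            throw new InvalidOperationException(
                "Expected one SHA-1 thumbprint (40 hex digits), got " + clean.Length + ".");

        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false, otherwise a self-signed certificate is filtered out
            // because its chain does not end in a trusted root.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, clean, validOnly: false);

            if (matches.Count == 0)
                throw new InvalidOperationException(
                    "Certificate " + clean + " was not found in CurrentUser\\My. " +
                    "Check that it is uploaded to the app and that its thumbprint " +
                    "is listed in WEBSITE_LOAD_CERTIFICATES.");

            var cert = matches[0];

            // Signing tokens needs the private key, so a .cer upload is not enough.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate " + clean + " has no private key; upload the .pfx.");

            var now = DateTime.Now; // NotBefore and NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException(
                    "Certificate " + clean + " is outside its validity period (" +
                    cert.NotBefore + " to " + cert.NotAfter + ").");

            return cert;
        }
    }
}

// Usage in ConfigureServices, with the same configuration key as the answer:
//   .AddSigningCredential(
//       SigningCertificateLoader.LoadFromCurrentUserStore(
//           Configuration["WEBSITE_LOAD_CERTIFICATES"]))
```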
