IDX10803:无法创建以获取配置 [英] IDX10803: Unable to create to obtain configuration

问题描述

我的配置有3个站点:Identity Server(Idp)，Windows身份验证主机和最终用户客户端站点.在客户端站点上，我请求一个装饰有[Authorize]的控制器，然后启动Identity Server.

My configuration has 3 sites: Identity Server (Idp), Windows Authentication host and my end-user client site. On the client site, I request a controller decorated with [Authorize] and Identity Server kicks in.

端口44305上的Windows主机显然抛出异常，身份服务器正在接收状态500.我可以毫无问题地访问Windows主机站点URL.我拿回一个XML文档

The windows host at port 44305 is apparently throwing an exception and the identity server is receiving a status 500. I can access the windows host site URL without any problem. I get back an XML document

如何调试并找出导致该身份验证过程停止的异常或错误?我得到了一个由三部分组成的异常，其中最深处如下

How do I debug and find out what that exception or error is that is stopping this authentication process? I get a 3 part exception with the inner most as the following

InvalidOperationException: IDX10803: Unable to create to obtain configuration from: 'https://localhost:44305/'.

Microsoft.IdentityModel.Protocols.ConfigurationManager`1.<GetConfigurationAsync>d__3.MoveNext() in ConfigurationManager.cs

Windows Host OWIN启动正在使用UseWindowsAuthenticationService

The Windows Host OWIN startup is using UseWindowsAuthenticationService

Identity Server OWIN正在使用AuthenticationOptions = WsFederationAuthenticationOptions

The Identity Server OWIN is using AuthenticationOptions = WsFederationAuthenticationOptions

var wsFederationOptions = new WsFederationAuthenticationOptions
            {
                AuthenticationType = "windows",
                Caption = "Windows",
                SignInAsAuthenticationType = signInAsType,
                MetadataAddress = "https://localhost:44305/",
                Wtrealm = "urn:idsrv3"
            };
            app.UseWsFederationAuthentication(wsFederationOptions);
        }

以下是请求和响应

Request URL:https://localhost:44315/
Request Method:GET
Status Code:302 Found
Response:Location:https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...

Request: https://localhost:16433/connect/authorize?client_id=hms2015&redirect_uri=...
Request Method:GET
Status Code:302 Found
Location:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b

Request URL:https://localhost:16433/login?signin=fde7508a6634698847c3076c9028604b
Request Method:GET
Status Code:500 Internal Server Error

我没有可见的SSL问题.使用浏览器，我可以打开来自不同站点的所有页面，而不会发出任何警告.我将localhost IIS Express证书添加到受信任的根证书"中.

I have no visible SSL issues. With my browser, I can open all the pages from the different sites without any warning. I add my localhost IIS Express cert to the Trusted Root Cert.

推荐答案

团队中的另一位开发人员帮助找到了问题.在端口44305运行的Windows身份验证主机已禁用匿名.启用此功能后，重定向过程将再次开始工作.

Another developer on the team helped find the issue. The Windows Authentication host running at port 44305 had anonymous disabled. When this was enabled, the redirected process began to work again.

很遗憾，我们实际上并未检测到错误，而是通过试用&错误(黑客)，它是固定的.我的主要问题是如何调试OWIN应用程序，以便实际上可以看到HTTP 500的详细信息.我希望IdentityServer3日志可以记录来自Win Auth主机的响应.还有为什么这不是401响应代码?

Regrettably, we didn't actually detect the error, but, through trial & error (hacking) it was fixed. My main question was how do I debug an OWIN app so I could actually see the HTTP 500's details. I wish the IdentityServer3 logs could have recorded the response from the Win Auth host. Also why isn't that a 401 response code?

这篇关于IDX10803:无法创建以获取配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！