我正在使用Identity Server 4和ASP.NET Core 2.1。
我有一个API和一个Auth应用程序,并尝试执行以下操作:
var discoveryClient = new DiscoveryClient("https://localhost:5002");
discoveryClient.Policy.RequireHttps = true;
var discovery = await discoveryClient.GetAsync();
if (discovery.IsError)
Console.WriteLine(discovery.Error);
但是我遇到了以下错误:
Error connecting to https://localhost:5002/.well-known/openid-configuration:
The SSL connection could not be established
The remote certificate is invalid according to the validation procedure.
但是,如果我在浏览器中访问网址“ https://localhost:5002/.well-known/openid-configuration”,则会得到正确的信息,而不是错误。
我在做什么错了?
API应用程序具有以下配置:
public void ConfigureServices(IServiceCollection services) {
services
.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddRouting(x => { x.LowercaseUrls = true; });
services.AddHsts(x => {
x.Preload = true;
x.IncludeSubDomains = true;
x.MaxAge = TimeSpan.FromDays(60);
});
services.AddHttpsRedirection(x => {
x.RedirectStatusCode = StatusCodes.Status301MovedPermanently;
x.HttpsPort = 5001;
});
services.AddApiVersioning(x => {
x.ApiVersionSelector = new CurrentImplementationApiVersionSelector(x);
x.AssumeDefaultVersionWhenUnspecified = true;
x.DefaultApiVersion = new ApiVersion(1, 0);
x.ReportApiVersions = false;
});
services.AddCors(x => {
x.AddPolicy("AllowAll", y => y.AllowAnyMethod().AllowAnyOrigin().AllowAnyHeader());
});
services.AddAuthorization();
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddIdentityServerAuthentication(x => {
x.ApiName = "api";
x.Authority = "https://localhost:5002";
x.RequireHttpsMetadata = false;
});
} // ConfigureServices
public void Configure(IApplicationBuilder application, IHostingEnvironment environment) {
if (environment.IsDevelopment()) {
application.UseDeveloperExceptionPage();
} else {
application.UseHsts();
}
application.UseAuthentication();
application.UseHttpsRedirection();
application.UseMvc();
} // Configure
以及具有以下配置的Auth应用程序:
public void ConfigureServices(IServiceCollection services) {
services
.AddMvc()
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddRouting(x => { x.LowercaseUrls = true; });
services.AddHsts(x => {
x.Preload = true;
x.IncludeSubDomains = true;
x.MaxAge = TimeSpan.FromDays(60);
});
services.AddHttpsRedirection(x => {
x.RedirectStatusCode = StatusCodes.Status301MovedPermanently;
x.HttpsPort = 5002;
});
services
.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients())
.AddTestUsers(Config.GetTestUsers());
} // ConfigureServices
public void Configure(IApplicationBuilder application, IHostingEnvironment environment) {
if (environment.IsDevelopment()) {
application.UseDeveloperExceptionPage();
} else {
application.UseHsts();
}
application.UseHttpsRedirection();
application.UseIdentityServer();
application.UseMvc();
} // Configure
其中定义客户端,资源和测试用户的配置为:
public class Config {
public static List<ApiResource> GetApiResources() {
return new List<ApiResource> {
new ApiResource("api", "API Resource")
};
}
public static List<IdentityResource> GetIdentityResources() {
return new List<IdentityResource> {
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
}
public static List<Client> GetClients() {
return new List<Client> {
new Client {
ClientId = "app",
ClientName = "APP Client",
ClientSecrets = { new Secret("app".Sha256()) },
AllowedGrantTypes = GrantTypes.ClientCredentials,
AllowedScopes = { "api" }
},
new Client {
ClientId = "mvc",
ClientName = "MVC Client",
ClientSecrets = { new Secret("mvc".Sha256()) },
Enabled = true,
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
AllowOfflineAccess = true,
RequireConsent = false,
RedirectUris = { "http://localhost:5002/signin-oidc" },
PostLogoutRedirectUris = { "http://localhost:5002" },
FrontChannelLogoutUri = "http://localhost:5002/signout-oidc",
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api"
}
},
new Client {
ClientId = "spa",
ClientName = "SPA Client",
ClientSecrets = { new Secret("spa".Sha256()) },
Enabled = true,
AllowedGrantTypes = GrantTypes.Implicit,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"api"
},
RedirectUris = { "https://localhost:5000" },
PostLogoutRedirectUris = { "https://localhost:5000/home" },
AllowedCorsOrigins = { "https://localhost:5000" }
}
};
}
public static List<TestUser> GetTestUsers() {
return new List<TestUser> {
new TestUser { SubjectId = "1", Username = "john", Password = "john", Claims = new List<Claim> { new Claim("name", "John") } },
};
}
} // Config