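jwt - Azure Web Api Jwt - Unable to obtain configuration, socket forbidden
Problem description
I have an Asp.Net Core 2.2.1 Web Api that is trying to retrieve the OpenId configuration so that it can authenticate requests. The authority site happens to be IdentityServer4.
The /.well-known/openid-configuration looks correct, the api site is running, and the unsecured api methods work fine.
Looking at the logs in Kudu, I see the following error. It seems to be caused by a socket issue, but I don't know what is going wrong here.
Everything works fine locally on my development machine, so what am I missing / what does Azure need?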
System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. --->
System.Net.Http.HttpRequestException: An attempt was made to access a socket
in a way forbidden by its access permissions --->
Full error details:
2019-01-11 11:07:43.096 +00:00 [Error] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: An attempt was made to access a socket in a way forbidden by its access permissions ---> System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
at System.Threading.Tasks.ValueTask`1.get_Result()
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
Solution
After hours of debugging, and turning on
IdentityModelEventSource.ShowPII = true; //show detail of error and see problem
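to see the problem with the well-known configuration, I found that it was not picking up the application settings from the Azure portal.
Since my settings are nested, I just needed to make sure that the keys in the Azure blade matched.
I.e.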
{
"AppSettings": {
"ApiUrl": "someUrl",
"AuthorityUrl": "anotherUrl"
}, ...
becomes
AppSettings:ApiUrl
A simple mistake to fall into.
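A pre-deployment check for the key mismatch described in the answer, as an added example that is not part of the original post: it flattens a nested appsettings.json into the colon-delimited names ASP.NET Core configuration uses and reports which keys of a section have no matching App Setting. The function names and the sample App Setting lists are constructed for illustration; the JSON values are the placeholders from the answer.

```python
import json

# Constructed sample mirroring the nested settings shown in the answer.
SAMPLE_APPSETTINGS = """
{
  "AppSettings": {"ApiUrl": "someUrl", "AuthorityUrl": "anotherUrl"},
  "Logging": {"LogLevel": {"Default": "Warning"}}
}
"""

def flatten(node, prefix=""):
    """Flatten nested JSON into ASP.NET Core configuration keys.

    Objects become Parent:Child, array items become Parent:0, Parent:1, ...
    """
    if isinstance(node, dict):
        items = node.items()
    elif isinstance(node, list):
        items = ((str(i), v) for i, v in enumerate(node))
    else:
        return {prefix: node}
    flat = {}
    for key, value in items:
        flat.update(flatten(value, f"{prefix}:{key}" if prefix else key))
    return flat

def missing_overrides(appsettings_text, app_setting_names, section="AppSettings"):
    """Return keys under `section` that no App Setting name overrides.

    App Settings reach the app as environment variables, where "__" is
    accepted as an alternative to ":"; configuration keys are
    case-insensitive, so names are compared in lower case.
    """
    wanted = flatten(json.loads(appsettings_text))
    configured = {n.replace("__", ":").lower() for n in app_setting_names}
    return sorted(
        k for k in wanted
        if k.startswith(section + ":") and k.lower() not in configured
    )

if __name__ == "__main__":
    # Constructed App Setting names: un-nested keys as in the original mistake.
    for key in missing_overrides(SAMPLE_APPSETTINGS, ["ApiUrl", "AuthorityUrl"]):
        print("no App Setting overrides", key)
```

An un-nested name such as `AuthorityUrl` creates a separate top-level key, so the value the JWT bearer handler reads from `AppSettings:AuthorityUrl` stays whatever appsettings.json shipped with.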