docker - IdentityServer4：无法从“{servicename}.well-known/openid-configuration”获取配置。码头工人问题

问题描述

我有一个identityserver4容器 ( identitymanagement:5003/localhost:5003) 和一个 mvc 应用程序 ( website.com:5000/localhost:5000)。

一旦两者都在docker中运行并且我尝试去localhost:5000/home/login（被重定向到identityserver）我得到错误

无法从以下位置获取配置：“ https://identitymanagement:5003/.well-known/openid-configuration ”。

这是我所有不同的代码部分

MVC：登录调用

public IActionResult Login()
{
   return Challenge(new AuthenticationProperties
   {
       RedirectUri = "/Manage"
   });
}

MVC：启动.cs

public static IServiceCollection AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration)
    {

        var callBackUrl = configuration.GetValue<string>("logoutCallbackUrl");

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(x=>x.ExpireTimeSpan = TimeSpan.FromHours(2))
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.Authority = "https://identitymanagement:5003";
            options.SignedOutRedirectUri = callBackUrl.ToString();
            options.ClientId =  "website";
            options.ClientSecret = "secret";
            options.ResponseType = "code id_token";
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.RequireHttpsMetadata = false;
            options.Scope.Add("openid");
            options.Scope.Add("profile");


        });

        return services;
    }
}

身份服务器启动.cs

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<ApplicationDbContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));


        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddDefaultUI(UIFramework.Bootstrap4)
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();


        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddAspNetIdentity<ApplicationUser>();

    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {

            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
        }

        app.UseStaticFiles();
        app.UseIdentityServer();
        app.UseMvcWithDefaultRoute();
    }

}

身份服务器：Config.cs

public class Config
{
    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            new ApiResource("resourceApi", "API Application")
        };
    }

    // scopes define the resources in your system
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email()
        };
    }

    public static IEnumerable<Client> GetClients()
    {
        return new List<Client>
        {


            // OpenID Connect implicit flow client (MVC)
            new Client
            {
                ClientId = "website",
                ClientName = "Public Website",
                AllowedGrantTypes = GrantTypes.Hybrid,
                RequireConsent = false,
                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },

                RedirectUris = { "https://kryptoevents.com:5000/signin-oidc" },
                PostLogoutRedirectUris = { "https://kryptoevents.com:5000/signout-callback-oidc" },
                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    IdentityServerConstants.StandardScopes.Email,

                }
            }
        };
    }

}

docker-compose.override.yml

  identitymanagement:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44378
    ports:
      - "60807:80"
      - "5003:443"

  website.com:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44395
    ports:
      - "56530:80"
      - "5000:443"

注意 如果我不在 docker 中运行服务，而只是在 IIS 上运行它们，而不是options.Authority = "https://identitymanagement:5003"; 将其更改为"https://localhost:5003"then 一切都按预期工作。

docker内部似乎存在问题并且无法解决identitymanagment

我也尝试使用容器的 IP 地址而不是，identitymanagement我得到了同样的错误。

在 docker 中运行时，在证书方面我需要做任何特别的事情吗？

标签： dockerasp.net-coreasp.net-identityidentityserver4