zoukankan      html  css  js  c++  java

  • .NetCore下使用IdentityServer4 & JwtBearer认证授权在CentOS Docker容器中运行遇到的坑及填坑

    今天我把WebAPI部署到CentOS Docker容器中运行,发现原有在Windows下允许的JWTBearer配置出现了问题

    在Window下我一直使用这个配置,没有问题

     services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                  .AddJwtBearer(options =>
                  {
                      options.Authority = _authorityconfig.Authority;
                      options.RequireHttpsMetadata = _authorityconfig.RequireHttpsMetadata;
                      options.Audience = "userservicesapi"; //scope;                 
                  }) ;

    但是到Docker中出现了500服务器内部错误,我通过swagger excute看下,已经成功颁发了jwt token了

    为什么会出现这个情况呢?

    我在docker中通过如下查看日志情况

    docker logs --tail 1000 containerid & name

    这是错误信息

    fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
      Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'http://192.168.0.212:40000/.well-known/openid-configuration'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'http://192.168.0.212:40000/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: No route to host ---> System.Net.Sockets.SocketException: No route to host
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

    无法获取到这个配置

    http://192.168.0.212:40000/.well-known/openid-configuration

    于是我通过

    curl http://192.168.0.212:40000/.well-known/openid-configuration

    发现是能够得到的,后来发现原来是因为没有设置获取配置的地址的属性:MetadataAddress

    于是我们设置好了最后发布到容器中,发现还是不行,依然有这个错误信息,于是我仔细看了下错误问题 下面这段:

    at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)

    这段貌似是需要配置OpenIdConnectConfiguration,没错,当时我感觉就是它了,心动异常,所以在代码里加上了配置

     services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                  .AddJwtBearer(options =>
                  {
                      options.Authority = _authorityconfig.Authority;
                      options.RequireHttpsMetadata = _authorityconfig.RequireHttpsMetadata;
                      options.Audience = "userservicesapi"; //scope;
                      options.MetadataAddress = _authorityconfig.Authority + "/.well-known/openid-configuration";
                      options.Configuration = new   Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration();
                  });

    红色部分为新加入的配置信息,这样我再次重新打包发布到Docker中,请求虽然没出现之前的错误,然而授权后请求授权保护接口提示签名错误,授权失败,纠结一段时间之后,我在仔细看了错误信息中的如下信息:

    Unable to retrieve document from: 'http://192.168.0.212:40000/.well-known/openid-configuration'. 
    ---> System.Net.Http.HttpRequestException: No route to host ---> System.Net.Sockets.SocketException: No route to host

    No route to host 这个问题:分析了下原来是因为我虽然是同一个宿主机器,但是我是2个容器,存在容器与容器之间的网络访问问题,这里我防火墙开了40000端口后测试就没有问题了

    当然你也可以把两个容器网络连在一起

    这里就会衍生一个问题:同一个宿主机上的2个容器网络联系在一起或 不同宿主机之间的2个容器的网络联系在一起的处理,具体不说了~
  • 相关阅读:
    数字签名与HTTPS详解
    利用策略模式优化过多 if else 代码
    Redis 的事务到底是不是原子性的
    Spring Boot项目的接口防刷
    深入分析 ThreadLocal
    什么是四层和七层负载均衡?他们之间的区别是什么?
    MyEclipse或Eclipse中project的导入和导出
    org.hibernate.exception.ConstraintViolationException: could not insert:
    C++ STL vector(向量容器)的使用(附完整程序代码)
    Swift2.0语言教程之函数嵌套调用形式
  • 原文地址:https://www.cnblogs.com/liyouming/p/9957902.html
Copyright © 2011-2022 走看看