问题
I am using ASP.NET 5, In my solution I have Web API, Identity Server and Angular 2 project and I am authenticating Angular 2 client by using Identity Server, Angular 2 client consumes web api by passing token in http request and web api authenticate token and gives response, for this I have written a custom attribute which checks that user is authenticated or not
When I consume API I am getting following exception and Web API returns 500 internal server error.
System.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'http://xx.xx.xx.x:3926/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'http://xx.xx.xx.x:3926/.well-known/openid-configuration'. ---> System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond xx.xx.xx.x:3926 at System.Net.Sockets.Socket.EndConnect(IAsyncResult asyncResult) at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
回答1:
If identityserver and the access token validation middleware are hosted in the same application there is a race condition at startup.
The validation middleware tries to load the discovery document, which is not yet available.
In these scenarios, set the DelayLoadMetadata flag on the validation middleware to true.
If you disable the discovery endpoint altogether, you need to configure the issuer and key material on the validation options.
回答2:
I used something like this, and it resolved my issue.
services.AddAuthentication(o => {
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(cfg => cfg.SlidingExpiration = true)
.AddJwtBearer(cfg =>
{
cfg.Audience = "http://localhost:4200/";
cfg.Authority = "http://localhost:5000/";
cfg.RequireHttpsMetadata = false;
cfg.SaveToken = true;
cfg.TokenValidationParameters = tokenValidationParameters;
cfg.Configuration = new OpenIdConnectConfiguration(); <-- Most IMP Part
});
回答3:
Check your appsettings.json tenant ID and make sure you didn't accidentally copy more than you need for the tenant ID.
回答4:
The reason for this error was proxy and was able to resolve it by implementing the code below:
options.BackchannelHttpHandler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
Proxy = new WebProxy(Configuration["System:Proxy"])
};
If you are getting "unable to retrieve document from: '[pii is hidden]'" you need to add below to ConfigureServices:
public void ConfigureServices(IServiceCollection services)
{
......
IdentityModelEventSource.ShowPII = true;
}
I hope this help.
回答5:
I've gotten this error message for a couple of reasons. One was solved with @leastprivilege answer. Another was that my certs-files in my Identity Server project had been lost in Version control. So i just replaced the broken files with the originals and then it worked.
回答6:
Rebuilding my SSO project fixed my problem. Nuget packages were restored as well during rebuilding the project. Hope this helps you.
回答7:
In case this helps anybody else.
I got this error after upgrading a project to .net core 2.0
the fix.
Change the name of the instance within appsettings.json instead of
"AADInstance": "https://login.microsoftonline.com/"
use
"Instance": "https://login.microsoftonline.com/"
来源:https://stackoverflow.com/questions/37693516/unable-to-obtain-configuration-from-well-known-openid-configuration