今天我把WebAPI部署到CentOS Docker容器中运行,发现原有在Windows下允许的JWTBearer配置出现了问题
在Window下我一直使用这个配置,没有问题
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.Authority = _authorityconfig.Authority; options.RequireHttpsMetadata = _authorityconfig.RequireHttpsMetadata; options.Audience = "userservicesapi"; //scope; }) ;
但是到Docker中出现了500服务器内部错误,我通过swagger excute看下,已经成功颁发了jwt token了
为什么会出现这个情况呢?
我在docker中通过如下查看日志情况
docker logs --tail 1000 containerid & name
这是错误信息
fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'http://192.168.0.212:40000/.well-known/openid-configuration'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'http://192.168.0.212:40000/.well-known/openid-configuration'. ---> System.Net.Http.HttpRequestException: No route to host ---> System.Net.Sockets.SocketException: No route to host at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask) at System.Threading.Tasks.ValueTask`1.get_Result() at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
无法获取到这个配置
http://192.168.0.212:40000/.well-known/openid-configuration
于是我通过
curl http://192.168.0.212:40000/.well-known/openid-configuration
发现是能够得到的,后来发现原来是因为没有设置获取配置的地址的属性:MetadataAddress
于是我们设置好了最后发布到容器中,发现还是不行,依然有这个错误信息,于是我仔细看了下错误问题 下面这段:
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
这段貌似是需要配置OpenIdConnectConfiguration,没错,就是它了,所以在代码里加上了配置
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.Authority = _authorityconfig.Authority; options.RequireHttpsMetadata = _authorityconfig.RequireHttpsMetadata; options.Audience = "userservicesapi"; //scope; options.MetadataAddress = _authorityconfig.Authority + "/.well-known/openid-configuration"; options.Configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration(); });
红色部分为新加入的配置信息,这样我再次重新打包发布到Docker中,请求已成功