IdentityServer4 in an ASP.NET Core production environment: "IDX10501: Signature validation failed. Unable to match key"
I have a 3-tier .NET Core application with:
- Identity Server 4
- API
- Blazor application

On my local/dev machine, everything works fine. However, I have installed everything onto a real server, and then a problem appeared.

I log in to the application, play around with it, then wait for some time (I don't know how long), and then when I try to use the application, the Blazor application crashes because of the following code:
bool isAuthenticated = await _authenticationVerifier.IsAuthenticatedAsync();
if (isAuthenticated)
    User = await _userAppService.GetCurrentUserAsync();
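"isAuthenticated" is true, and in fact my cookie looks fine, but the Blazor application is no longer authorized to connect to the API server.
I get the following error message on the API server: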
Bearer was not authenticated. Failure message: IDX10501: Signature validation failed. Unable to match key:
kid: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Exceptions caught: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
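The strange thing is that it works for a while, and then after some time (1/2 day) I get this crash.
I don't know what to check and/or how to debug this problem. I have been looking for a solution for several weeks now :-(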
I'm adding some code:

On the API server:

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = true;
            options.ApiName = "MyAppName";
        });
}

On Blazor (server-side Blazor):

private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookies", options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromDays(ApplicationConstants.LoginCookieExpirationDelay);
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = true;
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
            options.ClientId = configuration["AuthServer:ClientId"];
            options.ClientSecret = configuration["AuthServer:ClientSecret"];
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("role");
            options.Scope.Add("email");
            options.Scope.Add("phone");
            options.Scope.Add("SoCloze");
            options.ClaimActions.MapAbpClaimTypes();
        });
    context.Services.AddSingleton<BlazorServerAuthStateCache>();
    context.Services.AddScoped<AuthenticationStateProvider, BlazorServerAuthState>();
    context.Services.AddScoped<AuthenticationVerifier>();
}

    // Identity cookie expiration
    context.Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.Name = ".AspNetCore.Identity.Application";
        options.ExpireTimeSpan = TimeSpan.FromDays(ApplicationConstants.LoginCookieExpirationDelay);
    });
    var clientConfig = context.Services.GetConfiguration().GetSection("IdentityServer:Clients");
    context.Services
        .AddAuthentication(options =>
        {
            options.DefaultScheme = IdentityConstants.ApplicationScheme;
            options.DefaultSignInScheme = IdentityConstants.ExternalScheme;
            options.RequireAuthenticatedSignIn = true;
        })
        .AddFacebook("Facebook", options =>
        {
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.AppId = clientConfig["Facebook:ClientId"];
            options.AppSecret = clientConfig["Facebook:ClientSecret"];
            options.Fields.Add("picture");
        })
        .AddIdentityCookies();
}
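
The IDX10501 message in the question names a `kid` that could not be matched. As an added diagnostic example (not part of the original post or of the poster's application), the sketch below reads the `kid` from a token header and compares it with the key ids in a JWKS document, such as the one at the `jwks_uri` listed in the authority's discovery document. The class name `KidCheck`, its helpers and the sample token and JWKS are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class KidCheck // hypothetical helper, not part of the poster's application
{
    // JWT segments are base64url without '=' padding; restore it before decoding.
    static string DecodeSegment(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Read "kid" from the token header. No signature check happens here.
    public static string GetTokenKid(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected a compact JWS with 3 segments.");
        using var header = JsonDocument.Parse(DecodeSegment(parts[0]));
        return header.RootElement.TryGetProperty("kid", out var kid) ? kid.GetString() : null;
    }

    // Collect the key ids the authority publishes in its JWKS document.
    public static HashSet<string> GetJwksKids(string jwksJson)
    {
        using var jwks = JsonDocument.Parse(jwksJson);
        return jwks.RootElement.GetProperty("keys").EnumerateArray()
            .Where(k => k.TryGetProperty("kid", out _))
            .Select(k => k.GetProperty("kid").GetString())
            .ToHashSet();
    }

    static string Encode(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample data: a token whose header names "key-A" and a JWKS that only lists "key-B".
        string token = Encode("{\"alg\":\"RS256\",\"kid\":\"key-A\",\"typ\":\"JWT\"}") + "." + Encode("{}") + ".c2ln";
        string jwks = "{\"keys\":[{\"kty\":\"RSA\",\"use\":\"sig\",\"kid\":\"key-B\"}]}";

        string kid = GetTokenKid(token);
        HashSet<string> published = GetJwksKids(jwks);
        Console.WriteLine($"token kid: {kid}; published kids: {string.Join(", ", published)}");
        Console.WriteLine(kid != null && published.Contains(kid) ? "match" : "no match: no published key can verify this token");
    }
}
```

Running the same comparison with a real access token and the authority's live JWKS, once right after login and once after the failure appears, shows whether the set of published key ids changed in between.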