C# IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'


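We are using the IdentityServer3.Membership library of IdentityServer. Token validation works over HTTP on both the local and QA machines, but when we configure HTTPS we get the error below.

Steps:

Validating tokens in an ASP.NET Core 3.0 application using the IdentityServer4.AccessTokenValidation library 3.0.1.
The error occurs when we host in IIS, using a self-signed certificate and a CA certificate.
The certificates have been added to the trusted certificates.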

Error Details:
04/16/2020 17:19:50.651 -04:00 [Error] IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090331): The client and server cannot communicate, because they do not possess a common algorithm.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.ThrowIfExceptional()
at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__65_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
04/16/2020 17:19:50.988 -04:00 [Information] "Bearer" was not authenticated. Failure message: "IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'."
04/16/2020 17:19:51.031 -04:00 [Information] AuthenticationScheme: "Bearer" was challenged.

Thank you very much for your help with this.

Solved the problem by adding the following code in Startup --> Configure:

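// Requires: using System.Net;
ServicePointManager.Expect100Continue = true;
// Sets the protocol versions that ServicePointManager-based connections may negotiate.
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
    | SecurityProtocolType.Tls11
    | SecurityProtocolType.Tls12
    | SecurityProtocolType.Ssl3;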

Yes, my problem was also solved by adding the following lines of code. I appreciate your help and this blog.

IdentityModelEventSource.ShowPII = true;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol
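
The Win32Exception 0x80090331 in the log means the TLS handshake found no protocol version or cipher suite shared by the API host and the IdentityServer endpoint. The following diagnostic is an added example, not code from the original posts: it attempts one handshake per protocol version and reports what the endpoint negotiates, so the mismatch can be located before any protocol setting is changed. The class name `TlsProbe` is hypothetical, and the default host and port are assumptions taken from the URL in the log.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;

// Hypothetical diagnostic helper (added example, not from the original posts).
static class TlsProbe
{
    // One handshake restricted to a single protocol version; returns a result line.
    static async Task<string> TryHandshakeAsync(string host, int port, SslProtocols protocol)
    {
        try
        {
            using var tcp = new TcpClient();
            await tcp.ConnectAsync(host, port);
            using var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false);
            // Default certificate validation stays enabled, so an untrusted or
            // mismatched certificate is reported separately from a protocol mismatch.
            await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
            {
                TargetHost = host,
                EnabledSslProtocols = protocol
            }, default);
            return $"OK   {ssl.SslProtocol}, {ssl.NegotiatedCipherSuite}";
        }
        catch (Exception ex)
        {
            // Any failure is a probe result; the innermost message carries the
            // Schannel text such as "do not possess a common algorithm".
            return $"FAIL {ex.GetType().Name}: {ex.GetBaseException().Message}";
        }
    }

    static async Task Main(string[] args)
    {
        // Assumed defaults: the host from the page's log and the standard HTTPS port.
        string host = args.Length > 0 ? args[0] : "localhost";
        int port = args.Length > 1 ? int.Parse(args[1]) : 443;
        // TLS 1.0/1.1 are probed only to see what the server still offers.
        var versions = new[] { SslProtocols.Tls, SslProtocols.Tls11, SslProtocols.Tls12, SslProtocols.Tls13 };
        foreach (var version in versions)
            Console.WriteLine($"{version,-6} {await TryHandshakeAsync(host, port, version)}");
    }
}
```

Run it on the machine that hosts the API, since the Schannel protocol and cipher settings of that host are the client side of the failing handshake.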