Integrating Identity Server; Docker and MVC Core (

2019-01-27 03:47发布

问题:

I am trying to get an MVC Core Web application to work with Identity Server and Docker. Here are the steps I have taken:

1) Download the quickstart: https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev

Run the project and see it working as expected. Now try adding Docker to the equation:

2) Open the solution. Right click on: IdentityServerWithAspNetIdentity and select: Add Container Orchestration Support (Then Docker Compose, then Linux). 3) Right click on MVCClient and select: Add Container Orchestration Support (Then Docker Compose, then Linux). 4) Change Docker-compose.override.yml to this (note that I only changed the ports for each service from 80 to 5002:80 and 5000:80):

version: '3.4'

services:
  mvcclient:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
    ports:
      - "5002:80"

  identityserverwithaspnetidentity:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
    ports:
      - "5000:80"

5) Try running the project to see what happens. When I attempt to access: Home/Secure; instead of being forwarded to the login webpage; I see this error: 'Unable to obtain configuration from:http://localhost:5000/.well-known/openid-configuration'.

I believe this is because the Docker container cannot see localhost:5000. Therefore after reading through a few blog posts; I try this:

6) Open startup in the MVCClient and change this:

options.Authority = "http://localhost:5000";

to this:

options.Authority = "http://identityserverwithaspnetidentity:80";

However, I just see a DNS error (404 I believe). What do I need to do to get Identity Server working with an MVC web app in this case?

So far I have looked here: How can I use IdentityServer4 from inside and outside a docker machine? and here: Identity Server 4 and docker. However the answers have not helped so far.

回答1:

As you already noticed on my thread I had a similar issue. What I did is configuring the following on my IdentityServerAuthenticationOptions (API Side):

1) Set the correct Autority, in your case I would say it should be http://identityserverwithaspnetidentity/
2) Configure the ApiName (this is the name of the ApiResource)
3) Maybe also configure JwtBackChannelHandler (Im not sure if this was required or not)
4) If you are not using Https, I would deactivate it (I don't remember if this is explicitly needed: set RequireHttpsMetadata to false)

And on the client I did the folling

1) Set the ValidateIssuerName to false
2) If you are not using Https, maybe also deactive it by setting RequireHttps to false (I don't remember if this is explicitly needed)