InvalidOperationException:未指定密钥类型。 Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSig
Posted
技术标签:
【中文标题】InvalidOperationException:未指定密钥类型。 Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()【英文标题】:InvalidOperationException: Key type not specified. Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey() 【发布时间】:2019-11-22 12:26:53 【问题描述】:总结
尝试发布具有身份验证功能的基本 .NET Core React 应用程序我收到 IdentityServer 错误。这是使用 dotnet new react --auth Individual、.Net Core 3.0 Preview5,并遵循 here 和 here 的说明。
我已通过 TLS/SSL 设置上传了 PFX。我还确保证书适用于我的开发环境,发现 GetMyX509Certificate 返回了证书。
运行 app.UseIdentityServer() 时,导致问题的代码似乎在 Startup.cs 中的配置中:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
//...
Log.Information("Configure - running app.Use: Authentication, IdentityServer");
Log.Information("Configure - running app.Use: Authentication");
app.UseAuthentication();
Log.Information("Configure - running app.Use: IdentityServer");
app.UseIdentityServer();
//CODE DOESN'T MAKE IT HERE!!!
Log.Information("Configure - running app.UseMvc");
app.UseMvc(routes =>
routes.MapRoute(
name: "default",
template: "controller/action=Index/id?");
);
Log.Information("Configure - running app.UseSpa");
app.UseSpa(spa =>
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
spa.UseReactDevelopmentServer(npmScript: "start");
);
Log.Information("Configure - Done!");
错误
激活ASPNETCORE_DETAILEDERRORS = true,我收到以下错误:
InvalidOperationException: Key type not specified
Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.LoadKey()
Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSigningCredentials.Configure(ApiAuthorizationOptions options)
Microsoft.Extensions.Options.OptionsFactory<TOptions>.Create(string name)
Microsoft.Extensions.Options.OptionsManager<TOptions>+<>c__DisplayClass5_0.<Get>b__0()
System.Lazy<T>.ViaFactory(LazyThreadSafetyMode mode)
System.Lazy<T>.ExecutionAndPublication(LazyHelper executionAndPublication, bool useDefaultConstructor)
System.Lazy<T>.CreateValue()
System.Lazy<T>.get_Value()
Microsoft.Extensions.Options.OptionsCache<TOptions>.GetOrAdd(string name, Func<TOptions> createOptions)
Microsoft.Extensions.Options.OptionsManager<TOptions>.Get(string name)
Microsoft.Extensions.Options.OptionsManager<TOptions>.get_Value()
Microsoft.Extensions.DependencyInjection.IdentityServerBuilderConfigurationExtensions+<>c.<AddClients>b__7_1(IServiceProvider sp)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitFactory(FactoryCallSite factoryCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitCache(ServiceCallSite callSite, RuntimeResolverContext context, ServiceProviderEngineScope serviceProviderEngine, RuntimeResolverLock lockType)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite singletonCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSite(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSite(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitConstructor(ConstructorCallSite constructorCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSiteMain(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitDisposeCache(ServiceCallSite transientCallSite, RuntimeResolverContext context)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteVisitor<TArgument, TResult>.VisitCallSite(ServiceCallSite callSite, TArgument argument)
Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.Resolve(ServiceCallSite callSite, ServiceProviderEngineScope scope)
Microsoft.Extensions.DependencyInjection.ServiceLookup.DynamicServiceProviderEngine+<>c__DisplayClass1_0.<RealizeService>b__0(ServiceProviderEngineScope scope)
Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngine.GetService(Type serviceType, ServiceProviderEngineScope serviceProviderEngineScope)
Microsoft.Extensions.DependencyInjection.ServiceLookup.ServiceProviderEngineScope.GetService(Type serviceType)
Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.TestService(IServiceProvider serviceProvider, Type service, ILogger logger, string message, bool doThrow)
Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.Validate(IApplicationBuilder app)
Microsoft.AspNetCore.Builder.IdentityServerApplicationBuilderExtensions.UseIdentityServer(IApplicationBuilder app)
ReactWithAuth.Startup.Configure(IApplicationBuilder app, IWebHostEnvironment env) in Startup.cs
System.RuntimeMethodHandle.InvokeMethod(object target, object[] arguments, Signature sig, bool constructor, bool wrapExceptions)
System.Reflection.RuntimeMethodInfo.Invoke(object obj, BindingFlags invokeAttr, Binder binder, object[] parameters, CultureInfo culture)
Microsoft.AspNetCore.Hosting.Internal.ConfigureBuilder.Invoke(object instance, IApplicationBuilder builder)
Microsoft.AspNetCore.Hosting.Internal.ConfigureBuilder+<>c__DisplayClass4_0.<Build>b__0(IApplicationBuilder builder)
Microsoft.AspNetCore.Hosting.Internal.ConventionBasedStartup.Configure(IApplicationBuilder app)
Microsoft.AspNetCore.Mvc.Filters.MiddlewareFilterBuilderStartupFilter+<>c__DisplayClass0_0.<Configure>g__MiddlewareFilterBuilder|0(IApplicationBuilder builder)
Microsoft.AspNetCore.Server.IIS.Core.IISServerSetupFilter+<>c__DisplayClass2_0.<Configure>b__0(IApplicationBuilder app)
Microsoft.AspNetCore.HostFilteringStartupFilter+<>c__DisplayClass0_0.<Configure>b__0(IApplicationBuilder app)
Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
Microsoft.Extensions.DependencyInjection.IdentityServerBuilderExtensionsCrypto.AddSigningCredential(IIdentityServerBuilder builder, X509Certificate2 certificate)
Projects.Startup.ConfigureServices(IServiceCollection services) in Startup.cs
System.RuntimeMethodHandle.InvokeMethod(object target, object[] arguments, Signature sig, bool constructor, bool wrapExceptions)
System.Reflection.RuntimeMethodInfo.Invoke(object obj, BindingFlags invokeAttr, Binder binder, object[] parameters, CultureInfo culture)
Microsoft.AspNetCore.Hosting.Internal.ConfigureServicesBuilder.InvokeCore(object instance, IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.ConfigureServicesBuilder+<>c__DisplayClass9_0.<Invoke>g__Startup|0(IServiceCollection serviceCollection)
Microsoft.AspNetCore.Hosting.Internal.StartupLoader+ConfigureServicesDelegateBuilder<TContainerBuilder>+<>c__DisplayClass15_0.<BuildStartupServicesFilterPipeline>g__RunPipeline|0(IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.ConfigureServicesBuilder.Invoke(object instance, IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.ConfigureServicesBuilder+<>c__DisplayClass8_0.<Build>b__0(IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.StartupLoader+ConfigureServicesDelegateBuilder<TContainerBuilder>+<>c__DisplayClass14_0.<ConfigureServices>g__ConfigureServicesWithContainerConfiguration|0(IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.ConventionBasedStartup.ConfigureServices(IServiceCollection services)
Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
Microsoft.AspNetCore.Hosting.Internal.WebHost.Initialize()
Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
我尝试过的事情
解决方案的方式并不多。 IdentityServer4 只讨论Grant Types 的类型,但这似乎在此之前。
【问题讨论】:
有更好的方法来处理应用服务中的证书,你可能想看看这篇文章:docs.microsoft.com/en-us/azure/app-service/…。您还可以将您的证书存储在 azure key vault 中。 【参考方案1】:正如您已经回答的那样 - 解决方案是将以下设置添加到 appsettings.json 中的“IdentityServer”括号内。这跟在“客户”元素之后:
用于文件
"IdentityServer":
"Key":
"Type": "File",
"FilePath": "C:\cert.pfx",
"Password": "password123"
用于开发(显然不要在生产中使用)
"IdentityServer":
"Key":
"Type": "Development"
专卖店
"IdentityServer":
"Key":
"Type": "Store",
"StoreName": "My",
"StoreLocation": "CurrentUser",
"Name": "CN=MyApplication"
link
【讨论】:
我和我的同事正在尝试启动并运行概念验证,因此我们只是将"Key":"Type":"Development" 添加到我们的身份服务器配置中。它工作得很好。【参考方案2】:
解决方案是将以下设置添加到 appsettings.json 中的“IdentityServer”括号内。这跟在“客户”元素之后:
"IdentityServer":
"Key":
"Type": "Store",
"StoreName": "My",
"StoreLocation": "CurrentUser",
"Name": "CN=**WHATEVER NAME YOU USED AS THE DISTINGUISHED SUBJECT FOR YOUR CERT**"
这遵循指令here。请注意,这是通过在this 发布后使用 OpenSSL 创建的自签名证书完成的。
【讨论】:
您好,只是想知道您是否也按照本文中的“将证书与 Identity Server 4 一起使用”在您的设置中进行操作 - benjii.me/2017/06/… ?还是只是创建了证书,上传到私人商店并确保您的 applicationsettings.json 正确? 据我记忆,当我使用 IdentityServer 时,是的。但是,当我不再需要 IS 时,我将证书功能注释掉了。希望对您有所帮助。 如果我使用 linux 会是什么样子? 使用 Azure AppService Linux 的密钥类型文件,如下所示:“Type”:“File”,“FilePath”:“/var/ssl/private/THUMBPRINT.p12”,“Password”:“” .也见这里:docs.microsoft.com/en-us/azure/app-service/…【参考方案3】:从上面提到的代码中,我假设下面的代码行导致了 nullargument 异常。
.AddSigningCredential(cert);
因为**cert** 为空,这归结为您的方法GetMyX509Certificate
try
System.Diagnostics.Trace.TraceInformation($"HELLO! TRYING TO GET THE CERTIFICATE");
return new X509Certificate2(File.ReadAllBytes(pfxFilePath), password, sFlags);
catch (PlatformNotSupportedException ex)
System.Diagnostics.Trace.TraceError($"HELLO! ex.Message");
if(sFlags.HasFlag(X509KeyStorageFlags.EphemeralKeySet))
return GetMyX509Certificate(pfxFilePath,password,X509KeyStorageFlags.MachineKeySet);
else
return null;
catch (Exception ex)
System.Diagnostics.Trace.TraceError($"HELLO! ex.Message");
return null;
由于您的代码没有抛出 **PlatformNotSupportedException** 类型的异常,因此肯定会抛出通用异常,稍后您的最后一行会捕获该异常
catch (Exception ex)
System.Diagnostics.Trace.TraceError($"HELLO! ex.Message");
return null;
从这里你返回 null ,它在内部给你实际的错误。
我不明白你为什么不能使用 KUDU,但如果我是你,我建议你使用一些日志库来启用信息日志记录,例如使用自定义遥测进行文件系统日志记录或应用程序分析。
希望对你有帮助。
【讨论】:
嗨 Mohit,感谢您的回复。我已经更新了帖子 - 现在日志开始工作(Kudu 也是),证书似乎正在工作。问题似乎与 app.UseAuthentication() 或 app.UseIdentityServer();【参考方案4】:
"ConnectionStrings":
"DefaultConnection": ""
,
"Logging":
"LogLevel":
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
,
"IdentityServer":
"Clients":
"Project01":
"Profile": "IdentityServerSPA"
,
"Key":
"Type": "Development"
,
"AllowedHosts": "*"
【讨论】:
以上是关于InvalidOperationException:未指定密钥类型。 Microsoft.AspNetCore.ApiAuthorization.IdentityServer.ConfigureSig的主要内容,如果未能解决你的问题,请参考以下文章
InvalidOperationException:未找到名为“Bearer”的 AuthorizationPolicy
为啥这个 OdbcConnection 会抛出 System.InvalidOperationException?
System.InvalidOperationException: '绑定实例已经被关联到监听
使用 PerformanceCounters 时获取 InvalidOperationException [关闭]