IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'


[Posted]: 2020-07-30 08:14:24

[Question]:

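We are using the IdentityServer3.Membership library for IdentityServer. Token validation works fine over HTTP on both the local and QA machines, but when we configure HTTPS we get the error below. Steps:

Validating the token in an ASP.NET Core 3.0 application using the IdentityServer4.AccessTokenValidation library 3.0.1. We get the error when hosting in IIS, using both a self-signed certificate and a CA certificate. The certificate has been added to the trusted certificates.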

Error Details:
04/16/2020 17:19:50.651 -04:00 [Error] IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090331): The client and server cannot communicate, because they do not possess a common algorithm.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Security.SslStream.ThrowIfExceptional()
at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
at System.Net.Security.SslStream.<>c.b__65_1(IAsyncResult iar)
at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
04/16/2020 17:19:50.988 -04:00 [Information] "Bearer" was not authenticated. Failure message: "IDX20803: Unable to obtain configuration from: 'https://localhost/IdentityServer/Core/.well-known/openid-configuration'."
04/16/2020 17:19:51.031 -04:00 [Information] AuthenticationScheme: "Bearer" was challenged.

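Your help with this is much appreciated!

[Question comments]:

You need to use matching IdentityServer client and server versions (i.e. don't mix IdentityServer3.Membership and IdentityServer4.AccessTokenValidation).

[Answer 1]:

Solved the issue by adding the following code in Startup --> Configure: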

ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;

[Answer 2]:

Yes, my issue was also resolved by adding the following lines of code. Thanks for your help and this blog.

IdentityModelEventSource.ShowPII = true;
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls12
| SecurityProtocolType.Ssl3;

[Comments]:

Please don't post "thank you" answers. Take the tour and read how to answer to learn how Answers work on Stack Overflow. If you find a post helpful, upvote it instead.
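
An alternative to the process-wide protocol list set in the two answers, added here as an example (not code from the question, the answers or IdentityServer): the handler that fetches the discovery document offers TLS 1.2 only, and a small probe reports what the host negotiates. It assumes the IdentityServer host accepts TLS 1.2 and that the package's JwtBackChannelHandler option carries the metadata fetch; the TlsBackchannel class and the ApiName value are hypothetical.

```csharp
using System.Net.Http;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Threading.Tasks;
using IdentityServer4.AccessTokenValidation;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public static class TlsBackchannel // hypothetical helper, not part of any library
{
    // Handler for the discovery/JWKS fetch only; offers TLS 1.2 and nothing older.
    public static HttpMessageHandler CreateHandler() => new SocketsHttpHandler
    {
        SslOptions = new SslClientAuthenticationOptions
        {
            EnabledSslProtocols = SslProtocols.Tls12
        }
    };

    // Diagnostic: handshake with TLS 1.2 only and return the negotiated protocol.
    public static async Task<SslProtocols> ProbeAsync(string host, int port = 443)
    {
        using var tcp = new TcpClient();
        await tcp.ConnectAsync(host, port);
        using var ssl = new SslStream(tcp.GetStream());
        await ssl.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
        {
            TargetHost = host,
            EnabledSslProtocols = SslProtocols.Tls12
        }, default);
        return ssl.SslProtocol; // throws AuthenticationException if the handshake fails
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "https://localhost/IdentityServer/Core"; // from the error message
                options.RequireHttpsMetadata = true;
                options.ApiName = "api1"; // placeholder, use the API name registered in IdentityServer
                options.JwtBackChannelHandler = TlsBackchannel.CreateHandler();
            });
    }
}
```

SSL 3.0 is prohibited by RFC 7568 and TLS 1.0/1.1 are deprecated by RFC 8996, which is why the handler offers TLS 1.2 only. If the probe fails with the same Win32Exception 0x80090331, check the protocols and cipher suites enabled on the IIS host.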
