IdentityServerBuilderConfigurationExtension 中的 Blazor WASM 托管身份验证空引用异常

Posted 2023-03-27

【中文标题】IdentityServerBuilderConfigurationExtension 中的 Blazor WASM 托管身份验证空引用异常

【英文标题】：Blazor WASM Hosted Authentication Null Reference Exception in IdentityServerBuilderConfigurationExtension

【发布时间】：2021-03-01 22:23:30

【问题描述】：

我有一个使用 IdentityServer4 的 blazor WASM 托管项目（默认来自 VS 模板）。但是，当我启动我的应用程序时，我收到以下错误。调试显示 options.Value.SigningCredential 为 null，因此 .Key 导致 NullReferenceException。所以我在某处遗漏了一些东西。

这是客户端程序.cs

public static async Task Main(string[] args)
        
            var builder = WebAssemblyHostBuilder.CreateDefault(args);
            //builder.RootComponents.Add<App>("#app");

            builder.Services.AddHttpClient("BBQFriend.API", client => client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress))
                .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();

            // Supply HttpClient instances that include access tokens when making requests to the server project
            builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("BBQFriend.API"));

            builder.Services.AddApiAuthorization();

            var baseAddress = new Uri("https://localhost:44395/api/");

            void RegisterTypedClient<TClient, TImplementation>(Uri apiBaseUrl)
                where TClient : class where TImplementation : class, TClient
            
                builder.Services.AddHttpClient<TClient, TImplementation>(client =>
                
                    client.BaseAddress = apiBaseUrl;
                );
            

            RegisterTypedClient<ICountryService, CountryService>(baseAddress);          

            await builder.Build().RunAsync();
        

这里是服务器 Startup.cs

public Startup(IConfiguration configuration)
        
            Configuration = configuration;
        

        public IConfiguration Configuration  get; 

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        
            //Register EntityFramework Core Datacontext for Dependency Injection
            services.AddDbContext<DataContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection")));            

            //Add common Identity Screens
            services.AddDefaultIdentity<ApplicationUser>(options => options.SignIn.RequireConfirmedAccount = true)
                .AddEntityFrameworkStores<DataContext>();

            //Set up IdentityServer
            services.AddIdentityServer()
                .AddApiAuthorization<ApplicationUser, DataContext>();

            services.AddAuthentication()
                .AddIdentityServerJwt();

            //Register Services for DirectNavigation
            services.AddScoped<ICountryService, CountryService>();

            //Register Repositories for Dependency Injection
            services.AddScoped<ICountryRepository, CountryRepository>();

            services.AddDatabaseDeveloperPageExceptionFilter();

            services.AddControllersWithViews();
            services.AddRazorPages();
        

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        
            if (env.IsDevelopment())
            
                app.UseDeveloperExceptionPage();
                app.UseWebAssemblyDebugging();
            
            else
            
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            

            //app.UseHttpsRedirection();
            app.UseBlazorFrameworkFiles();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseIdentityServer();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            
                endpoints.MapRazorPages();
                endpoints.MapControllers();
                //endpoints.MapFallbackToFile("index.html");
                endpoints.MapFallbackToPage("/_Host");
            );
        

这里是应用程序 DataContext.cs

public class DataContext : ApiAuthorizationDbContext<ApplicationUser>
    
        public DataContext(DbContextOptions options, IOptions<OperationalStoreOptions> operationalStoreOptions) : base(options, operationalStoreOptions)
        
            ChangeTracker.QueryTrackingBehavior = QueryTrackingBehavior.NoTracking;
        

        public DbSet<Country> Countries  get; set; 

        protected override void OnModelCreating(ModelBuilder modelBuilder)
        
            modelBuilder.ApplyConfiguration(new CountryConfiguration());

            base.OnModelCreating(modelBuilder);

        
    

【参考方案1】：

问题是您缺少客户端配置值。 当您使用builder.Services.AddApiAuthorization(); 时，它会尝试从default 加载配置：

默认情况下，应用程序的配置按约定从 _configuration/client-id 加载。按照惯例，客户端 ID 设置为应用程序的程序集名称。通过使用选项调用重载，可以将此 URL 更改为指向单独的端点。