IdentityServer 4, trying to capture traffic with fiddler?

Console application trying to get discovery

var disco = await DiscoveryClient.GetAsync("http://localhost:5000");

Works fine, however I'm trying to figure out how this thing works and I can't seem to capture the HTTP traffic.

If I use http://localhost.fiddler to redirect to the local proxy, it errors with:

Error connecting to localhost.fiddler:5000/.well-known/openid-configuration: HTTPS required (it's not set up with HTTPS, the error msg is misleading!)

Strangely, later in the code when we try to authenticate to web-api with

var response = await client.GetAsync("http://localhost.fiddler:5001/identity");

localhost.fiddler works fine. Now, this is running in the same console app, in program.cs, so the same file. This is driving me potty: why on earth can't I capture traffic going to 5000? It's HTTP!!! So what mysteries are causing this? Is there another way to view the magic HTTP traffic going to and from Identity Server?

Added Startup class

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // configure identity server with in-memory stores, keys, clients and scopes
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddTestUsers(Config.GetUsers());
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseIdentityServer();
    }
}

Added Blog, will update it and credit if we can resolve this.

As you correctly figured out, you need to use, for example, http://localhost.fiddler, to route localhost traffic through Fiddler. However, DiscoveryClient.GetAsync uses DiscoveryClient with the default policy. That default policy has the following settings important for this case:

  • RequireHttps = true
  • AllowHttpOnLoopback = true

So, it requires HTTPS unless you query a loopback address. How does it know what a loopback address is? There is the DiscoveryPolicy.LoopbackAddresses property. By default it contains:

  • "localhost"
  • "127.0.0.1"

For that reason you have the "HTTPS required" error: "localhost.fiddler" is not considered a loopback address, and the default policy requires HTTPS for non-loopback addresses.

So to fix, you need to either set RequireHttps to false, or add "localhost.fiddler" to the loopback address list:

var discoClient = new DiscoveryClient("http://localhost.fiddler:5000");
discoClient.Policy.LoopbackAddresses.Add("localhost.fiddler");
//discoClient.Policy.RequireHttps = false;                        
var disco = await discoClient.GetAsync();

If you do this, you will see the discovery request in Fiddler, however it will fail (the response will contain an error), because the server will report the authority as "http://localhost:5000" and you query "http://localhost.fiddler:5000". So you also need to override the authority in your policy:

var discoClient = new DiscoveryClient("http://localhost.fiddler:5000");
discoClient.Policy.LoopbackAddresses.Add("localhost.fiddler");
discoClient.Policy.Authority = "http://localhost:5000";
var disco = await discoClient.GetAsync();

Now it will work as expected.
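
The two fixes offered in the answer differ in how much they relax. The following is an added example, not code from the original post or from IdentityModel: a simplified model of the scheme rule as the answer describes it, run over constructed URLs. `PolicyModel` and `idp.example.com` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of the rule described in the answer; not IdentityModel's source.
class PolicyModel
{
    public bool RequireHttps = true;
    public bool AllowHttpOnLoopback = true;
    public HashSet<string> LoopbackAddresses =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "localhost", "127.0.0.1" };

    public bool Accepts(string url)
    {
        var uri = new Uri(url);
        if (!RequireHttps) return true;                     // scheme is not checked at all
        if (uri.Scheme == Uri.UriSchemeHttps) return true;  // https is always acceptable
        // Plain http passes only for hosts on the loopback list.
        return AllowHttpOnLoopback && LoopbackAddresses.Contains(uri.Host);
    }
}

static class Program
{
    static void Main()
    {
        var byDefault = new PolicyModel();
        var fiddlerHost = new PolicyModel();
        fiddlerHost.LoopbackAddresses.Add("localhost.fiddler");
        var httpsOff = new PolicyModel { RequireHttps = false };

        // Constructed sample URLs; idp.example.com stands for any remote host.
        string[] urls =
        {
            "http://localhost:5000",
            "http://localhost.fiddler:5000",
            "http://idp.example.com",
            "https://idp.example.com",
        };

        Console.WriteLine("{0,-32}{1,-9}{2,-10}{3}", "url", "default", "+fiddler", "RequireHttps=false");
        foreach (var url in urls)
            Console.WriteLine("{0,-32}{1,-9}{2,-10}{3}", url,
                byDefault.Accepts(url), fiddlerHost.Accepts(url), httpsOff.Accepts(url));
    }
}
```

In this model, adding the one Fiddler hostname changes the outcome only for http://localhost.fiddler:5000, while RequireHttps = false also accepts plain HTTP to the remote host, so the loopback-list change is the narrower of the two.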
