Identity Server 4部署到Azure网站时无法正常工作

Question

I am using Identity Server and setting it up so that all of my various Asp.net and Asp.net core sites can use the same authentication logic. I have Identity Server 4 running on .net core 2.1 running on my machine and a demo client that is Asp.Net MVC 5 that works on my machine but when I deploy the Identity Server portion to Azure I can no longer authenticate in the MVC 5 client even though the app appears to be running fine and allows me to log in.

This is the error message that I keep getting in the MVC client

   Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[SocketException (0x2746): An existing connection was forcibly closed by the remote host]
   System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult) +83
   System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult) +57

[IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.]
   System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) +232
   System.Net.PooledStream.EndWrite(IAsyncResult asyncResult) +13
   System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) +119

[WebException: The underlying connection was closed: An unexpected error occurred on a send.]
   System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +623
   System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +64

[HttpRequestException: An error occurred while sending the request.]
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Net.Http.<FinishSendAsyncBuffered>d__58.MoveNext() +745
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__8.MoveNext() +362

[IOException: IDX20804: Unable to retrieve document from: 'https://login.somesite.com/.well-known/openid-configuration'.]
   Microsoft.IdentityModel.Protocols.<GetDocumentAsync>d__8.MoveNext() +666
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.IdentityModel.Protocols.OpenIdConnect.<GetAsync>d__3.MoveNext() +291
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +25
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +1129

[InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.somesite.com/.well-known/openid-configuration'.]
   Microsoft.IdentityModel.Protocols.<GetConfigurationAsync>d__24.MoveNext() +1586
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.OpenIdConnect.<ApplyResponseChallengeAsync>d__c.MoveNext() +575
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseCoreAsync>d__b.MoveNext() +282
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<ApplyResponseAsync>d__8.MoveNext() +275
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<TeardownAsync>d__5.MoveNext() +160
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +815
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +182
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Security.Infrastructure.<Invoke>d__0.MoveNext() +638
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<RunApp>d__5.MoveNext() +182
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.<DoFinalWork>d__2.MoveNext() +180
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +69
   Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.IntegratedPipelineContext.EndFinalWork(IAsyncResult ar) +64
   System.Web.AsyncEventExecutionStep.InvokeEndHandler(IAsyncResult ar) +156
   System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +123

The MVC 5 configuration is found below

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "mysite.tools",
        ClientSecret = "junkhere",
        Authority = Constants.BaseAddress,
        RedirectUri = "http://localhost:34341/",
        PostLogoutRedirectUri = "http://localhost:34341/",
        ResponseType = "code id_token",
        Scope = "openid email mysite.profile",
        RequireHttpsMetadata = System.Configuration.ConfigurationManager.AppSettings["OpenIdConnect.RequireHttpsMetadata"] != "false",
        BackchannelTimeout = new TimeSpan(0,10,0),                
        TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "role"
        },

        SignInAsAuthenticationType = "Cookies",

    });

It seems so odd that it only works when testing it locally.

Answer 1

So after looking into the BackChannel properties and ruling that out I went and looked at all of the settings on the site inside of Azure. The Site is set up to use https and has a valid SSL cert but until I turned off the setting "HTTPS Only" under the SSL settings it didn't work. Something about how Azure handles the HTTPS redirect even if the call is already https was braking the process.