[英]Asp.net core 3 Identity server 4 application crash Stack Overflow
I have an Identity server 4 using Asp.net core.我有一个使用 Asp.net 核心的身份服务器 4。 The application crash after browsing.浏览后应用程序崩溃。 I am using the CMD to run the application我正在使用 CMD 运行应用程序
macbooks-MacBook-Air:Falcon-Identity macbook$ dotnet run
[20:52:42 Information]
Starting host...
info: IdentityServer4.Startup[0]
Starting IdentityServer4 version 4.0.0+1acafade44176bf817412aa4309d5dff6587a741
info: IdentityServer4.Startup[0]
You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
info: IdentityServer4.Startup[0]
Using the default authentication scheme Identity.Application for IdentityServer
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: /Users/macbook/Projects/Falcon-Identity/Falcon-Identity
Stack overflow.
macbooks-MacBook-Air:Falcon-Identity macbook$
When I am browsing the URL https://localhost:5001 Keep getting the stack overflow error, but don't know what's causing the issue.当我浏览 URL https://localhost:5001 时不断收到堆栈溢出错误,但不知道是什么导致了问题。
Startup.CS启动.CS
public class Startup
{
public IConfigurationRoot Configuration { get; }
public IWebHostEnvironment Environment { get; }
public Startup(IWebHostEnvironment environment)
{
Environment = environment;
var builder = new ConfigurationBuilder()
.SetBasePath(Environment.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddEnvironmentVariables();
Configuration = builder.Build();
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddIdentityServer(Configuration);
services.ConfigureCors();
services.ConfigureExternalOidcProvider();
services.AddAutoMapper(typeof(Startup));
services.AddTransient<EmailHelper>();
services.AddTransient<ITemplateHelper, TemplateHelper>();
services.SwaggerConfig();
services.ConfigureGlobalExceptionFilter();
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration => { configuration.RootPath = "ClientApp/build"; });
services.AddControllersWithViews().AddRazorRuntimeCompilation();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
//app.UseHsts();
}
//app.ConfigureCsp();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();
app.UseIdentityServer();
app.UseMongoDbForIdentityServer();
// Enable middleware to serve generated Swagger as a JSON endpoint.
app.UseSwagger();
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
// specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}");
});
app.UseSpa(spa =>
{
spa.Options.SourcePath = "ClientApp";
if (env.IsDevelopment())
{
spa.UseReactDevelopmentServer(npmScript: "start");
}
});
}
}
Might be the same problem I had.可能是我遇到的同样的问题。 Microsoft.AspNetCore.Identity
is calling SignInManager.SignOutAsync
when the session cookie expires or is invalid which gets picked up by the Identity Server to log the user out on all the clients the user is logged in. If the cookie is invalid, then you are not authenticated, and the Identity Server tries to authenticat you in order to get the list of clients you are logged in and you end up with this stack overflow.当 session cookie 过期或无效时, Microsoft.AspNetCore.Identity
正在调用SignInManager.SignOutAsync
,Identity Server 获取该 cookie 以在用户登录的所有客户端上注销用户。如果 cookie 无效,那么您是未通过身份验证,身份服务器尝试对您进行身份验证以获取您登录的客户端列表,最终导致此堆栈溢出。
As a dirty quick fix, you can add a class that looks like this:作为一个肮脏的快速修复,您可以添加一个如下所示的 class:
public class FixedDefaultUserSession : IdentityServer4.Services.DefaultUserSession
{
bool _authenticateAsyncRunning = false;
public NewDefaultUserSession(IHttpContextAccessor httpContextAccessor, IAuthenticationHandlerProvider handlers, IdentityServerOptions options, ISystemClock clock, ILogger<IUserSession> logger)
: base(httpContextAccessor, handlers, options, clock, logger)
{
}
protected override Task AuthenticateAsync()
{
if (_authenticateAsyncRunning)
return Task.CompletedTask;
try
{
_authenticateAsyncRunning = true;
return base.AuthenticateAsync();
}
finally
{
_authenticateAsyncRunning = false;
}
}
}
And register this instead of the DefaultUserSession
service in the ConfigureServices
like this:并在ConfigureServices
中注册它而不是DefaultUserSession
服务,如下所示:
services.RemoveAll<IdentityServer4.Services.IUserSession>();
services.AddScoped<IdentityServer4.Services.IUserSession, FixedDefaultUserSession>();
After that it should at least work.在那之后,它至少应该可以工作。 But I think this issue will be fixed in v4.0.5 or later.但我认为这个问题将在 v4.0.5 或更高版本中修复。 See this issue: https://github.com/IdentityServer/IdentityServer4/issues/4844看到这个问题: https://github.com/IdentityServer/IdentityServer4/issues/4844
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.