
Integrating Identity Server; Docker and MVC Core (Web Client)

I am trying to get an MVC Core Web application to work with Identity Server and Docker. Here are the steps I have taken:

1) Download the quickstart: https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev

Run the project and see it working as expected. Now try adding Docker to the equation:

2) Open the solution. Right click on: IdentityServerWithAspNetIdentity and select: Add Container Orchestration Support (Then Docker Compose, then Linux).

3) Right click on MVCClient and select: Add Container Orchestration Support (Then Docker Compose, then Linux).

4) Change Docker-compose.override.yml to this (note that I only changed the ports for each service from 80 to 5002:80 and 5000:80):

version: '3.4'

services:
  mvcclient:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
    ports:
      - "5002:80"

  identityserverwithaspnetidentity:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
    ports:
      - "5000:80"

5) Try running the project to see what happens. When I attempt to access Home/Secure, instead of being forwarded to the login webpage, I see this error: 'Unable to obtain configuration from:http://localhost:5000/.well-known/openid-configuration'.

I believe this is because the Docker container cannot see localhost:5000. Therefore, after reading through a few blog posts, I tried this:

6) Open startup in the MVCClient and change this:

options.Authority = "http://localhost:5000";

to this:

options.Authority = "http://identityserverwithaspnetidentity:80";

However, I just see a DNS error (404 I believe). What do I need to do to get Identity Server working with an MVC web app in this case?

So far I have looked here: "How can I use IdentityServer4 from inside and outside a docker machine?" and here: "Identity Server 4 and docker". However, the answers have not helped so far.

As you already noticed on my thread, I had a similar issue. What I did was configure the following on my IdentityServerAuthenticationOptions (API side):

1) Set the correct Authority; in your case I would say it should be http://identityserverwithaspnetidentity/
2) Configure the ApiName (this is the name of the ApiResource)
3) Maybe also configure JwtBackChannelHandler (I'm not sure if this was required or not)
4) If you are not using HTTPS, I would deactivate it (I don't remember if this is explicitly needed: set RequireHttpsMetadata to false)

And on the client I did the following:

1) Set the ValidateIssuerName to false
2) If you are not using HTTPS, maybe also deactivate it by setting RequireHttps to false (I don't remember if this is explicitly needed)

I might be a little late but I hope this can help someone with a similar issue.

Some things to keep in mind:

  • This is not an issue with Identity Server itself but with the mismatch between the internal Docker URL (http://identityserverwithaspnetidentity) that your container sees and the local host URL (http://localhost:5000) that your browser sees.
  • You should keep using the local URL for Identity Server (http://localhost:5000) and add a special case to handle the container-to-container communication.
  • The following fix is only for development when working with Docker (Docker Compose, Kubernetes), so ideally you should check for the environment (IsDevelopment extension method) so the code is not used in production.

IdentityServer configuration

if (Environment.IsDevelopment())
{
    // It is not advisable to override this in production
    options.IssuerUri = "http://localhost:5000";
}

MVC Client


// It is important this matches the actual URL of your identity server, not the Docker internal URL
options.Authority = "http://localhost:5000";

if (Environment.IsDevelopment())
{
    // This will allow the container to reach the discovery endpoint
    options.MetadataAddress = "http://identityserverwithaspnetidentity/.well-known/openid-configuration";
    options.RequireHttpsMetadata = false;

    options.Events.OnRedirectToIdentityProvider = context =>
    {
        // Intercept the redirection so the browser navigates to the right URL in your host
        context.ProtocolMessage.IssuerAddress = "http://localhost:5000/connect/authorize";
        return Task.CompletedTask;
    };
}

You can tweak the code a little bit by passing said URLs via configuration.
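The configuration-driven variant mentioned above, as an added example that is not part of the original answer or the quickstart. It assumes ASP.NET Core 2.x (IHostingEnvironment), the scheme names "Cookies" and "oidc", the client id "mvc", and two hypothetical configuration keys, IdentityServer:PublicUrl and IdentityServer:InternalUrl.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    private readonly IHostingEnvironment _env;

    public Startup(IConfiguration config, IHostingEnvironment env) { _config = config; _env = env; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        // Hypothetical keys (assumptions, not from the page). In docker-compose they can be set
        // as environment variables IdentityServer__PublicUrl and IdentityServer__InternalUrl.
        var publicUrl = (_config["IdentityServer:PublicUrl"]
            ?? throw new InvalidOperationException("IdentityServer:PublicUrl is not set")).TrimEnd('/');
        var internalUrl = _config["IdentityServer:InternalUrl"]?.TrimEnd('/');

        services.AddAuthentication(o =>
            {
                o.DefaultScheme = "Cookies";          // assumed scheme name
                o.DefaultChallengeScheme = "oidc";    // assumed scheme name
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.ClientId = "mvc";             // assumed client id
                // URL the browser sees; it must match the issuer in the tokens.
                options.Authority = publicUrl;

                // Development only. Outside Development nothing below runs, so the
                // defaults stay in force, including RequireHttpsMetadata = true.
                if (_env.IsDevelopment() && !string.IsNullOrEmpty(internalUrl))
                {
                    // Back channel: the container reaches discovery by compose service name.
                    options.MetadataAddress = internalUrl + "/.well-known/openid-configuration";
                    options.RequireHttpsMetadata = false;
                    options.Events.OnRedirectToIdentityProvider = context =>
                    {
                        // Front channel: send the browser to the host-visible address.
                        context.ProtocolMessage.IssuerAddress = publicUrl + "/connect/authorize";
                        return Task.CompletedTask;
                    };
                }
            });
    }
}
```

Leaving IdentityServer:InternalUrl unset in non-development configuration keeps the plain-HTTP metadata override from ever being applied, even if the environment name is misconfigured.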

I have been struggling with the same problem for the last couple of days and finally found a solution that works! All you need to do is set the Authority (in your MVC client) and IssuerUri (in your identity API) to the IP address of your Docker host. On Windows this is 10.0.75.1.

I was finally able to come up with this after reviewing the implementation in eShopOnContainers, which I've found is a really great resource for learning how to implement a dockerized microservice architecture in .NET Core.
