Asp.net 核心 3 身份服务器 4 应用程序崩溃 堆栈内存溢出

Question

我有一个使用 Asp.net 核心的身份服务器 4。 浏览后应用程序崩溃。 我正在使用 CMD 运行应用程序

macbooks-MacBook-Air:Falcon-Identity macbook$ dotnet run
[20:52:42 Information] 
Starting host...

info: IdentityServer4.Startup[0]
      Starting IdentityServer4 version 4.0.0+1acafade44176bf817412aa4309d5dff6587a741
info: IdentityServer4.Startup[0]
      You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
info: IdentityServer4.Startup[0]
      Using the default authentication scheme Identity.Application for IdentityServer
info: Microsoft.Hosting.Lifetime[0]
      Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
      Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: /Users/macbook/Projects/Falcon-Identity/Falcon-Identity
Stack overflow.
macbooks-MacBook-Air:Falcon-Identity macbook$ 

当我浏览 URL https://localhost:5001 时不断收到堆栈溢出错误，但不知道是什么导致了问题。

启动.CS

public class Startup
    {
        public IConfigurationRoot Configuration { get; }
        public IWebHostEnvironment Environment { get; }
        public Startup(IWebHostEnvironment environment)
        {
            Environment = environment;
            var builder = new ConfigurationBuilder()
                .SetBasePath(Environment.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                .AddEnvironmentVariables();
            Configuration = builder.Build();
        }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddIdentityServer(Configuration);
            services.ConfigureCors();
            services.ConfigureExternalOidcProvider();
            services.AddAutoMapper(typeof(Startup));
            services.AddTransient<EmailHelper>();
            services.AddTransient<ITemplateHelper, TemplateHelper>();
            services.SwaggerConfig();
            services.ConfigureGlobalExceptionFilter();
            // In production, the React files will be served from this directory
            services.AddSpaStaticFiles(configuration => { configuration.RootPath = "ClientApp/build"; });
            services.AddControllersWithViews().AddRazorRuntimeCompilation();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                //app.UseHsts();
            }

            //app.ConfigureCsp();
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseSpaStaticFiles();
            app.UseIdentityServer();
            app.UseMongoDbForIdentityServer();
            // Enable middleware to serve generated Swagger as a JSON endpoint.
            app.UseSwagger();
            // Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
            // specifying the Swagger JSON endpoint.
            app.UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
            });
            app.UseRouting();
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller}/{action=Index}/{id?}");
            });

            app.UseSpa(spa =>
            {
                spa.Options.SourcePath = "ClientApp";

                if (env.IsDevelopment())
                {
                    spa.UseReactDevelopmentServer(npmScript: "start");
                }
            });
            
        }
    }

Answer 1

可能是我遇到的同样的问题。 当 session cookie 过期或无效时， Microsoft.AspNetCore.Identity正在调用SignInManager.SignOutAsync ，Identity Server 获取该 cookie 以在用户登录的所有客户端上注销用户。如果 cookie 无效，那么您是未通过身份验证，身份服务器尝试对您进行身份验证以获取您登录的客户端列表，最终导致此堆栈溢出。

你怎么能解决这个问题？

作为一个肮脏的快速修复，您可以添加一个如下所示的 class：

public class FixedDefaultUserSession : IdentityServer4.Services.DefaultUserSession
{
    bool _authenticateAsyncRunning = false;

    public NewDefaultUserSession(IHttpContextAccessor httpContextAccessor, IAuthenticationHandlerProvider handlers, IdentityServerOptions options, ISystemClock clock, ILogger<IUserSession> logger)
        : base(httpContextAccessor, handlers, options, clock, logger)
    {
    }

    protected override Task AuthenticateAsync()
    {
        if (_authenticateAsyncRunning)
            return Task.CompletedTask;

        try
        {
            _authenticateAsyncRunning = true;

            return base.AuthenticateAsync();

        }
        finally
        {
            _authenticateAsyncRunning = false;
        }
    }
}

并在ConfigureServices中注册它而不是DefaultUserSession服务，如下所示：

services.RemoveAll<IdentityServer4.Services.IUserSession>();
services.AddScoped<IdentityServer4.Services.IUserSession, FixedDefaultUserSession>();

在那之后，它至少应该可以工作。 但我认为这个问题将在 v4.0.5 或更高版本中修复。 看到这个问题： https://github.com/IdentityServer/IdentityServer4/issues/4844