错误：System.InvalidOperationException：IDX20803：无法从以下位置获取配置：'https://securetoken.google.com

Question

我正在开发 a.Net api (netcoreapp3.1)，我正在使用 IONOS 进行托管 (.net Framework 4.x)。

用户基于 firebase 身份验证机制连接到我的前端应用程序，我将 JWT 令牌发送到我的 api 以验证令牌以访问资源路由。
令牌验证在本地完美运行。 但是在我在 IONOS 上发布我的 api 之后，我得到了这个异常。

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://securetoken.google.com/XXXXXXXX/.well-known/openid-configuration'.
 ---> System.Net.Http.HttpRequestException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
 ---> System.Net.Sockets.SocketException (10060): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

更多信息：

1. 我激活IdentityModelEventSource.ShowPII = true; 在我的 api 中获取有关异常的更多信息

2. 我验证了我的所有配置都使用“https”进行令牌验证

3. API 启动代码：

    string firebaseCredentialPath = $"firebaseCredential.{Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")}.json"; FirebaseApp.Create(new AppOptions() { Credential = GoogleCredential.FromFile(firebaseCredentialPath) }); string firebaseAppId = Configuration["Firebase:FirebaseAppId"]; string firebaseAuthorityUrl = string.Format(Configuration["Firebase:FirebaseAuthorityUrl"], firebaseAppId); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => { options.Authority = firebaseAuthorityUrl; options.TokenValidationParameters = new TokenValidationParameters { ValidIssuer = firebaseAuthorityUrl, ValidAudience = firebaseAppId, ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, }; });

4. 我的应用程序配置

   “Firebase”：{“FirebaseAuthorityUrl”：“https://securetoken.google.com/{0}”，“FirebaseAppId”：“XXXXXXXX”}

提前谢谢你。

Answer 1

我有同样的问题，我需要在 Ocelot 微服务中实现这个配置。

您是否可能使用过本指南： https://dominique-k.medium.com/using-firebase-jwt-tokens-in-asp-net-core-net-5-834c43d4aa00

但我注意到我的问题出在https://securetoken.google.com/FIREBASE-APP-ID部分，我发现我需要使用projectId而不是您可以在项目配置中找到的appId并且工作正常：

多亏了本指南，我才意识到

Answer 2

这是启动 class 方法 configure => app.UseHttpsRedirection(); 时的重定向问题； . 我用这个解决方案改变了这一行： Cannot redirect Ionos microsoft hosting website to https automatically

这是 IONOS 托管的特定配置，用于将 http 请求重定向到 https。