System.InvalidOperationException:验证 Azure AD 令牌时出现 IDX20803
System.InvalidOperationException: IDX20803 when validating Azure AD token
我在 Angular 中有一个 SPA 客户端,它成功登录到 Azure AD 并生成一个令牌,然后我通过 Authorization: Bearer ${token} 将其传递给 .Net Core(3.0) API然后我尝试使用 [Authorize] 验证令牌以检查然后允许访问 REST Api 调用,我们仍在使用 "ver": "1.0" 并且 JWT [=28= 中没有随机数].我在 ConfigureServices 方法中有以下代码:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://login.microsoftonline.com/common";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = options.Authority,
ValidateLifetime = true,
ValidateAudience = true,
ValidAudience = "{myClientID}",
IssuerValidator = (issuer, token, parameter) => "https://sts.windows.net/{MyIssuer}/"
};
});
services.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
});
当我 运行 使用 locahost 的项目时,它工作正常,但我将代码部署到服务器时,我收到以下错误消息:
Exception occurred while processing message.
Exception:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it.
---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
以上消息表明某些东西不允许我连接到站点进行验证,我的参数是否正确?我使用 jwt.io 检查令牌,它说签名有效,在 body 上,我看到了我期望 "aud:","iss:" "amr":["pwd"] 等的值。我是 Azure AD 和令牌的新手验证,所以请耐心等待。我有什么想念的吗?谢谢
该错误是由于应用无法连接到 Azure AD 元数据终结点造成的。
它需要在开始时从那里加载配置,包括应用程序可用于验证令牌签名的 public 密钥。
要么有什么东西阻止了连接(如防火墙),要么 Azure AD 已关闭(极不可能)。
我在 Angular 中有一个 SPA 客户端,它成功登录到 Azure AD 并生成一个令牌,然后我通过 Authorization: Bearer ${token} 将其传递给 .Net Core(3.0) API然后我尝试使用 [Authorize] 验证令牌以检查然后允许访问 REST Api 调用,我们仍在使用 "ver": "1.0" 并且 JWT [=28= 中没有随机数].我在 ConfigureServices 方法中有以下代码:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://login.microsoftonline.com/common";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = options.Authority,
ValidateLifetime = true,
ValidateAudience = true,
ValidAudience = "{myClientID}",
IssuerValidator = (issuer, token, parameter) => "https://sts.windows.net/{MyIssuer}/"
};
});
services.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
});
当我 运行 使用 locahost 的项目时,它工作正常,但我将代码部署到服务器时,我收到以下错误消息:
Exception occurred while processing message.
Exception:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it.
---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
以上消息表明某些东西不允许我连接到站点进行验证,我的参数是否正确?我使用 jwt.io 检查令牌,它说签名有效,在 body 上,我看到了我期望 "aud:","iss:" "amr":["pwd"] 等的值。我是 Azure AD 和令牌的新手验证,所以请耐心等待。我有什么想念的吗?谢谢
该错误是由于应用无法连接到 Azure AD 元数据终结点造成的。 它需要在开始时从那里加载配置,包括应用程序可用于验证令牌签名的 public 密钥。
要么有什么东西阻止了连接(如防火墙),要么 Azure AD 已关闭(极不可能)。