Menu
I am trying to get an MVC Core Web application to work with Identity Server and Docker. Here are the steps I have taken:
1) Download the quickstart: https://github.com/IdentityServer/IdentityServer4.Samples/tree/dev
Run the project and see it working as expected. Now try adding Docker to the equation:
2) Open the solution. Right click on: IdentityServerWithAspNetIdentity and select: Add Container Orchestration Support (Then Docker Compose, then Linux). 3) Right click on MVCClient and select: Add Container Orchestration Support (Then Docker Compose, then Linux). 4) Change Docker-compose.override.yml to this (note that I only changed the ports for each service from 80 to 5002:80 and 5000:80):
version: '3.4'
services:
mvcclient:
environment:
- ASPNETCORE_ENVIRONMENT=Development
ports:
- "5002:80"
identityserverwithaspnetidentity:
environment:
- ASPNETCORE_ENVIRONMENT=Development
ports:
- "5000:80"
5) Try running the project to see what happens. When I attempt to access: Home/Secure; instead of being forwarded to the login webpage; I see this error: 'Unable to obtain configuration from:http://localhost:5000/.well-known/openid-configuration'.
I believe this is because the Docker container cannot see localhost:5000. Therefore after reading through a few blog posts; I try this:
6) Open startup in the MVCClient and change this:
options.Authority = "http://localhost:5000";
to this:
options.Authority = "http://identityserverwithaspnetidentity:80";
However, I just see a DNS error (404 I believe). What do I need to do to get Identity Server working with an MVC web app in this case?
So far I have looked here: How can I use IdentityServer4 from inside and outside a docker machine? and here: Identity Server 4 and docker. However the answers have not helped so far.
988
As you already noticed on my thread I had a similar issue. What I did is configuring the following on my IdentityServerAuthenticationOptions (API Side):
1) Set the correct Autority, in your case I would say it should be http://identityserverwithaspnetidentity/
2) Configure the ApiName (this is the name of the ApiResource)
3) Maybe also configure JwtBackChannelHandler (Im not sure if this was required or not)
4) If you are not using Https, I would deactivate it (I don't remember if this is explicitly needed: set RequireHttpsMetadata to false)
And on the client I did the folling
1) Set the ValidateIssuerName to false
2) If you are not using Https, maybe also deactive it by setting RequireHttps to false (I don't remember if this is explicitly needed)
176
I might be a little late but I hope this can help someone with a similar issue.
Some things to keep in mind:
http://identityserverwithaspnetidentity) that your container sees and the local host URL (http://localhost:5000) that your browser sees.http://localhost:5000) and add a special case to handle the container to container communication.IsDevelopment extension method) so the code is not used in production.if (Environment.IsDevelopment())
{
// It is not advisable to override this in production
options.IssuerUri = "http://localhost:5000";
}
// It is important this matches the actual URL of your identity server, not the Docker internal URL
options.Authority = "http://localhost:5000";
if (Environment.IsDevelopment())
{
// This will allow the container to reach the discovery endpoint
options.MetadataAddress = "http://identityserverwithaspnetidentity/.well-known/openid-configuration";
options.RequireHttpsMetadata = false;
options.Events.OnRedirectToIdentityProvider = context =>
{
// Intercept the redirection so the browser navigates to the right URL in your host
context.ProtocolMessage.IssuerAddress = "http://localhost:5000/connect/authorize";
return Task.CompletedTask;
};
}
You can tweak the code a little bit by passing said URLs via configuration.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
