I've deployed my API and Client app on Docker, but for the life of me, the web app cannot call the API; I keep getting an exception.
I added the following line suggested in other posts, but it did not work.
IdentityModelEventSource.ShowPII = true;
Exception:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'.
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.InvokeCore(HttpContext context)
at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
We need to enable viewing of PII logs so we can see more details about the error. Add the following line to ConfigureServices() in Startup.cs:
using Microsoft.IdentityModel.Logging; // namespace that contains IdentityModelEventSource

public void ConfigureServices(IServiceCollection services)
{
    IdentityModelEventSource.ShowPII = true; // Add this line
    ....
In my case, this happened while I was developing an identity prototype with Identity Server in a localhost environment, and my authority was configured incorrectly.
I was following an example from Identity Server 4. The issue was that the Quick start example of Identity Server 4 contains 3 projects:
https://localhost:5001
In the example that was provided, the Identity Server was set to https with the endpoint https://localhost:5001. But the Authority in the Consumer Api was set to http://localhost:5000.
So when the client tries to connect to the Consumer Api, it gets the http://localhost:5000 address and tries to look at http://localhost:5000/.well-known/openid-configuration, and this does not exist. It exists only on https://localhost:5001/.well-known/openid-configuration.
So far so good.
The solution is to ensure you are using the same endpoint of the identity server on your consumer authority:
options.Authority = "https://localhost:5001";
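The mismatch described in the answer above can be checked offline by comparing the configured Authority with the identity server's discovery document. This is an added example, not code from the original answer or from IdentityServer4; `AuthorityCheck` and its methods are hypothetical names, and the discovery JSON is a constructed sample.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Constructed sample: discovery document as served by the identity server
// at https://localhost:5001 (trimmed to the fields checked here).
const string discovery = @"{
  ""issuer"": ""https://localhost:5001"",
  ""jwks_uri"": ""https://localhost:5001/.well-known/openid-configuration/jwks""
}";

foreach (var authority in new[] { "http://localhost:5000", "https://localhost:5001" })
{
    Console.WriteLine($"{authority} -> {AuthorityCheck.MetadataAddress(authority)}");
    var findings = AuthorityCheck.Check(authority, discovery);
    if (findings.Count == 0) Console.WriteLine("  OK: matches the issuer");
    foreach (var f in findings) Console.WriteLine("  " + f);
}

static class AuthorityCheck
{
    // The JWT bearer handler fetches this URL, derived from options.Authority.
    public static string MetadataAddress(string authority) =>
        authority.TrimEnd('/') + "/.well-known/openid-configuration";

    // Hypothetical helper: compares the configured Authority with the
    // discovery document and returns a list of mismatches.
    public static List<string> Check(string authority, string discoveryJson)
    {
        var findings = new List<string>();
        var configured = new Uri(authority);
        using var doc = JsonDocument.Parse(discoveryJson);
        var root = doc.RootElement;

        if (!root.TryGetProperty("issuer", out var issuerProp) ||
            !Uri.TryCreate(issuerProp.GetString(), UriKind.Absolute, out var issuer))
        {
            findings.Add("discovery document has no usable 'issuer'");
            return findings;
        }
        if (configured.Scheme != issuer.Scheme)
            findings.Add($"scheme mismatch: Authority {configured.Scheme}, issuer {issuer.Scheme}");
        if (configured.Host != issuer.Host || configured.Port != issuer.Port)
            findings.Add($"endpoint mismatch: Authority {configured.Authority}, issuer {issuer.Authority}");
        if (!root.TryGetProperty("jwks_uri", out _))
            findings.Add("discovery document has no 'jwks_uri' for the signing keys");
        return findings;
    }
}
```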
If anyone is experiencing this during development, I was able to solve this by clearing my developer certs then recreating them.
dotnet dev-certs https --clean
dotnet dev-certs https --trust
Enabling TLS 1.2 solved the issue
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;