Azure Web Api Jwt - 无法获取配置套接字被禁止答案

【问题标题】：Azure Web Api Jwt - Unable to obtain configuration Socket forbiddenAzure Web Api Jwt - 无法获取配置套接字被禁止
【发布时间】：2019-01-11 11:49:04
【问题描述】：

有一个 Asp.Net Core 2.2.1 Web Api 正在尝试获取 OpenId 配置，以便它可以对请求进行身份验证。权威网站恰好是 IdentityServer4。

/.well-known/openid-configuration 看起来正确，api 站点正在运行，不安全的 api 方法可以正常工作。

查看 Kudu 中的日志，我看到以下错误。似乎是由套接字问题引起的，但我不知道这里出了什么问题。

在我的开发机器上本地一切正常，那么我缺少什么/Azure 需要什么？

System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> 
System.Net.Http.HttpRequestException: An attempt was made to access a socket
in a way forbidden by its access permissions --->

完整的错误详情；

2019-01-11 11:07:43.096 +00:00 [Error] Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler: Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden]'. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden]'. ---> System.Net.Http.HttpRequestException: An attempt was made to access a socket in a way forbidden by its access permissions ---> System.Net.Sockets.SocketException: An attempt was made to access a socket in a way forbidden by its access permissions
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.CreateConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.WaitForCreatedConnectionAsync(ValueTask`1 creationTask)
   at System.Threading.Tasks.ValueTask`1.get_Result()
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

【问题讨论】：

好的，将 .UseAzureAppServices() 添加到 WebHost 构建器似乎已经修复了套接字问题 - 不确定具体是做什么的，但现在我只是收到错误无法获取配置信息 IDX20803：无法获取配置来自：“[PII 被隐藏]”。所以似乎很难找到 /.well-known/openid-configuration url。如何取消隐藏 PII 已隐藏？如果我在 Chrome、IE 等中浏览到该配置，则该配置看起来具有正确的 uri'。
在尝试查找知名配置时，它会选择本地主机。 localhost:5010/.well-known/openid-configuration.

标签： jwt identityserver4 azure-web-app-service asp.net-core-2.2

【解决方案1】：

经过数小时的调试，然后开机

IdentityModelEventSource.ShowPII = true;    //show detail of error and see problem

要查看知名配置的问题，我发现它没有从 Azure 门户获取应用程序设置。

由于我的设置是嵌套的，我只需要确保 Azure 刀片中的密钥匹配即可。

即

{
  "AppSettings": {
    "ApiUrl": "someUrl",
    "AuthorityUrl": "anotherUrl"
  }, ...

变成

AppSettings:ApiUrl

简单的错误陷阱。

【讨论】：