I ran into this certificate problem when deploying IdentityServer 4 (ASP.NET Core 1.1) to an Azure VM (Windows Server 2012 R2).
crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Unhandled exception: Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The system cannot find the file specified
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider, CngKeyOpenOptions openOptions)
at System.Security.Cryptography.CngKey.Open(String keyName, CngProvider provider)
at Internal.Cryptography.Pal.CertificatePal.GetPrivateKey[T](Func`2 createCsp, Func`2 createCng)
at Internal.Cryptography.Pal.CertificatePal.GetRSAPrivateKey()
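This works on my local development machine, and I can't figure out why. I installed the certificate in the My (Local Computer) store on the VM.
Can anyone help with this? Thanks.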
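I had a problem when deploying to IIS. Apparently, the client uses a reverse proxy, and the whole OpenID configuration discovery document showed the IP address instead of its domain name. PublicOrigin solved my problem. However, I still don't understand the difference between PublicOrigin and IssuerUri.
Example: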
var options = new IdentityServerOptions
{
PublicOrigin = "https://myids/project1/",
IssuerUri = "https://myids/project1/",
...
}
I can see from the discovery document that if both values are updated, the changes show up as well, i.e.:
{
"issuer": "https://myids/project1/",
"jwks_uri": "https://myids/project1/.well-known/jwks",
"authorization_endpoint": "https://myids/project1/connect/authorize",
"token_endpoint": "https://myids/project1/connect/token",
"userinfo_endpoint": "https://myids/project1/connect/userinfo",
"end_session_endpoint": "https://myids/project1/connect/endsession",
"check_session_iframe": "https://myids/project1/connect/checksession",
"revocation_endpoint": "https://myids/project1/connect/revocation",
"introspection_endpoint": "https://myids/project1/connect/introspect",
...
}
and why not just make it the same as IssuerUri? I have read the documentation on this. Technically it is just a description of the properties. I would like to understand more.
Many thanks.
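The symptom described in the second question (a discovery document that advertises an IP address instead of the public domain name when the server sits behind a reverse proxy) can be checked mechanically after each deployment. The following is an added example, not code from the original posts or from IdentityServer; the function names, the `10.0.0.4` address and the sample document are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: issuer and token endpoint use the question's example URL,
# the two 10.0.0.4 entries are made up to mimic the reverse-proxy symptom.
SAMPLE_DISCO = json.loads("""
{
  "issuer": "https://myids/project1/",
  "jwks_uri": "http://10.0.0.4/project1/.well-known/jwks",
  "authorization_endpoint": "https://10.0.0.4/project1/connect/authorize",
  "token_endpoint": "https://myids/project1/connect/token",
  "scopes_supported": ["openid", "profile"]
}
""")


def _origin(parts):
    # scheme://host[:port], lower-cased for comparison
    return f"{parts.scheme}://{parts.netloc}".lower()


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_discovery(doc, expected_origin):
    """Map each URL-valued field to the list of problems found in it."""
    expected = _origin(urlsplit(expected_origin))
    findings = {}
    for field, value in doc.items():
        if not isinstance(value, str):
            continue  # e.g. scopes_supported
        parts = urlsplit(value)
        if not parts.netloc:
            continue  # not an absolute URL
        problems = []
        if parts.scheme != "https":
            problems.append("not https")
        if _is_ip_literal(parts.hostname or ""):
            problems.append("ip-literal host")
        if _origin(parts) != expected:
            problems.append("origin mismatch")
        if problems:
            findings[field] = problems
    return findings
```

Run against the JSON served at the deployed server's discovery endpoint, an empty result means every advertised URL uses the expected public origin over HTTPS.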