我正在尝试在开发环境中使用其 ip 地址连接到开放 id 授权。显然,在这种情况下,ssl 验证将失败。我想绕过它,到目前为止没有任何运气。我找到了有关此主题的以下答案:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
当我的应用程序尝试访问 oidc 权限时,我收到相同的错误:
An unhandled exception occurred while processing the request. AuthenticationException: The remote certificate is invalid according to the validation procedure. System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
HttpRequestException: The SSL connection could not be established, see inner exception. System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
IOException: IDX20804: Unable to retrieve document from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(string address, CancellationToken cancel)
InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://172.11.0.11:1111/MY_APP/.well-known/openid-configuration'. Microsoft.IdentityModel.Protocols.ConfigurationManager.GetConfigurationAsync(CancellationToken cancel)
最佳答案
警告:仅在开发过程中使用它。如果合适,您需要为您的生产平台定制证书验证例程。
您可能覆盖了错误的 HttpClientHandler。 OpenId Connect 的反向 channel HttpClient 可以在此处被覆盖:
services
.AddAuthentication(options =>
{
...
})
.AddCookie()
.AddOpenIdConnect(options =>
{
...
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
options.BackchannelHttpHandler = handler;
});
关于asp.net-core - 如何在 .Net Core 3.1 中的 OpenId 连接时禁用 ssl 证书验证?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62990470/