3

I successfully set up IdentityServer4 with ASP.NET Core.

As a default config I had this:

```csharp
IdentityServerAuthenticationOptions options = new IdentityServerAuthenticationOptions()
{
    Authority = "http://localhost:5000",
    ScopeName = "scope",
    ScopeSecret = "ScopeSecret",
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    RequireHttpsMetadata = false,
};
```

Now, using this guide, I configured these to be read from configuration files, so they can be any numbers in production.

For example, if I set up the API to run at http://*:5000, then the client can connect to it via the service IP address, like http://192.168.1.100:5000.

Once the client obtains the Bearer token and tries to use it, an Internal Server Error occurs with this exception:

```
Unable to obtain configuration from: 
'http://*:5000/.well-known/openid-configuration'. 
---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'http://*:5000/.well-known/openid-configuration'. 
---> System.UriFormatException: Invalid URI: The hostname could not be parsed.
```

What is the correct way to configure IdS4 to have dynamic authority?

Update

It seems the problem is with Issuer, any idea on this?

```
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: 

IDX10205: Issuer validation failed. Issuer: 'http://192.168.1.100:5000'. Did not match: validationParameters.ValidIssuer: 'http://localhost:5000' or validationParameters.ValidIssuers: 'null'.

   at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
```
Mohsen Afshin

2 Answers

6

To my big surprise, all I needed was to set a value (almost any value) for IssuerUri:

```csharp
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    ////...

    var identityBuilder = services.AddIdentityServer(options =>
    {
        options.RequireSsl = false;
        // Fixed issuer name written into issued tokens
        options.IssuerUri = "MyCompany";
    });

    ////...
}
```

Now, with the above config, I can use the service via any IP address.

Mohsen Afshin
0

I didn't find I could just put in MyCompany.

But in my log files I had the following:

```
Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://crm.example.com'. Did not match: validationParameters.ValidIssuer: 'MyCompany' or validationParameters.ValidIssuers: 'null'.
```

I don't quite know what 'issuer' means, but I was able to just take 'https://crm.example.com' and get things working with this:

```csharp
options.IssuerUri = "https://crm.example.com";
```
Simon_Weaver
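
The IDX10205 errors quoted in the question and in the second answer are an exact string comparison between the token's issuer and the API's `ValidIssuer`. The following is an added example (not code from either answer or from IdentityServer4) that reproduces that check with `JwtSecurityTokenHandler`; the symmetric key, the `"api"` audience and the `IssuerDemo` class are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class IssuerDemo
{
    // Constructed demo key (at least 32 bytes for HS256); an assumption for this sketch only.
    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.ASCII.GetBytes("constructed-demo-key-0123456789ab"));

    // Mint a token whose "iss" claim is whatever name the token service uses for itself.
    static string Issue(string issuer) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: issuer,
            audience: "api",
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256)));

    // Validate as an API would: issuer checking stays on, pinned to one expected value.
    static bool Accepts(string token, string expectedIssuer)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = expectedIssuer,
            ValidAudience = "api",
            IssuerSigningKey = Key,
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out SecurityToken validated);
            return true;
        }
        catch (SecurityTokenInvalidIssuerException) // the IDX10205 failure
        {
            return false;
        }
    }

    public static void Main()
    {
        // Question's case: issuer follows the address the client used, API expects localhost.
        Console.WriteLine(Accepts(Issue("http://192.168.1.100:5000"), "http://localhost:5000"));
        // Second answer's log: server issues one name, API expects another.
        Console.WriteLine(Accepts(Issue("https://crm.example.com"), "MyCompany"));
        // Same fixed issuer on both sides: accepted regardless of the address used.
        Console.WriteLine(Accepts(Issue("https://crm.example.com"), "https://crm.example.com"));
    }
}
```

Only the last call is accepted: the check passes when both sides agree on one issuer string, with `ValidateIssuer` left enabled.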