search

IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0
544 stars 214 forks source link

Unable to obtain configuration initially #51

Closed haubbixa closed 7 years ago

haubbixa commented 7 years ago

I have successfully implemented an identity server and protected a .net core web app using the Authorize attribute on my controller. The problem I'm running into is that the web app fails to retrieve the configuration document from the authentication server (also a web app running on the same server) on startup, after a while I can issue the same http request (from Postman) and the request succeeds. The only authentication options I'm using are Authority and ApiName. Here is the error:

System.InvalidOperationException: IDX10803: Unable to obtain configuration from: 'https://<server name>/.well-known/openid-configuration'. ---> System.IO.IOException: IDX10804: Unable to retrieve document from: 'https://<server name>/.well-known/openid-configuration'. ---> System.Threading.Tasks.TaskCanceledException: A task was canceled.
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Net.Http.HttpClient.<FinishSendAsync>d__58.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.<GetDocumentAsync>d__8.MoveNext()
brockallen commented 7 years ago

Is this line above from the logs? It's not clear what the real problem is. I think this is something you should ask Microsoft to work on -- they need more information in their error logs for these scenarios.

haubbixa commented 7 years ago

Sorry, yes this text is from the application log. I performed a bunch of experiments and have drawn the following conclusions:

it is not consistent, I created a second server and the problem was not reproducible, could very well be performance related, the first server was lacking resources

the exception occurs when the controller is attempting to validate the received token, I configured IIS to start all applications and had no exceptions until the first web request

Since this appears to be a performance related issue, I'm not super worried about, though it would be nice to get it figured out.