fix(docker): Fix authentication errors when running openiddict on Docker

1 year ago · e96820290e
16 changed files with 58 additions and 34 deletions
--- a/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/AuthServerHttpApiHostModule.cs
@ -60,13 +60,13 @@ namespace LY.MicroService.AuthServer;
    typeof(AbpAuthorizationOrganizationUnitsModule),
    typeof(AbpAuditLoggingElasticsearchModule),
    typeof(AbpEmailingExceptionHandlingModule),
-    typeof(AbpAspNetCoreAuthenticationJwtBearerModule),
-    typeof(AbpIdentitySessionAspNetCoreModule),
    typeof(AbpCAPEventBusModule),
    typeof(AbpHttpClientModule),
    typeof(AbpAliyunSmsModule),
    typeof(AbpCachingStackExchangeRedisModule),
    typeof(AbpLocalizationCultureMapModule),
+    typeof(AbpAspNetCoreAuthenticationJwtBearerModule),
+    typeof(AbpIdentitySessionAspNetCoreModule),
    typeof(AbpAspNetCoreHttpOverridesModule),
    typeof(AbpAspNetCoreMvcWrapperModule),
    typeof(AbpClaimsMappingModule),
@ -130,12 +130,12 @@ public partial class AuthServerHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        // 动态身份
        app.UseDynamicClaims();
-        // 多租户
-        app.UseMultiTenancy();
        // 授权
        app.UseAuthorization();
        // Swagger
--- a/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/appsettings.Development.json
+++ b/aspnet-core/services/LY.MicroService.AuthServer.HttpApi.Host/appsettings.Development.json
@ -9,6 +9,7 @@
    "tag": "AuthServer.Admin"
  },
  "App": {
+    "ShowPii": true,
    "CorsOrigins": "http://127.0.0.1:3100",
    "Urls": {
      "Applications": {
@ -86,7 +87,7 @@
    "InstanceName": "LINGYUN.Abp.Application"
  },
  "AuthServer": {
-    "Authority": "http://127.0.0.1:44385/",
+    "Authority": "http://127.0.0.1:44385",
    "Audience": "lingyun-abp-application",
    "MapInboundClaims": false,
    "RequireHttpsMetadata": false
@ -103,9 +104,9 @@
    "MinimumLevel": {
      "Default": "Debug",
      "Override": {
-        "System": "Warning",
-        "Microsoft": "Warning",
-        "DotNetCore": "Debug"
+        "System": "Information",
+        "Microsoft": "Information",
+        "DotNetCore": "Warning"
      }
    },
    "WriteTo": [
--- a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.Configure.cs
@ -147,7 +147,7 @@ public partial class AuthServerModule

                    builder.AddEncryptionCertificate(cer);

-                    builder.UseDataProtection();
+                    // builder.UseDataProtection();
                });
            }
        }
@ -181,7 +181,7 @@ public partial class AuthServerModule
                }


-                builder.UseDataProtection();
+                // builder.UseDataProtection();

                // 禁用https
                builder.UseAspNetCore()
--- a/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs
+++ b/aspnet-core/services/LY.MicroService.AuthServer/AuthServerModule.cs
@ -150,9 +150,9 @@ public partial class AuthServerModule : AbpModule
        app.UseCors(DefaultCorsPolicyName);
        app.UseAuthentication();
        app.UseAbpOpenIddictValidation();
+        app.UseMultiTenancy();
        app.UseAbpSession();
        app.UseDynamicClaims();
-        app.UseMultiTenancy();
        app.UseAuthorization();
        app.UseAuditing();
        app.UseAbpSerilogEnrichers();
--- a/aspnet-core/services/LY.MicroService.AuthServer/LY.MicroService.AuthServer.csproj
+++ b/aspnet-core/services/LY.MicroService.AuthServer/LY.MicroService.AuthServer.csproj
@ -35,6 +35,7 @@
 		<PackageReference Include="Serilog.Settings.Configuration" />
 		<PackageReference Include="Serilog.Sinks.File" />
 		<PackageReference Include="Serilog.Sinks.Elasticsearch" />
+		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
 		<PackageReference Include="Microsoft.AspNetCore.DataProtection.StackExchangeRedis" />
 		<!--<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="7.0.5">
 			<PrivateAssets>all</PrivateAssets>
@ -44,7 +45,6 @@
 		<PackageReference Include="Volo.Abp.Account.Application" />
 		<PackageReference Include="Volo.Abp.Account.Web.OpenIddict" />
 		<PackageReference Include="Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonXLite" />
-		<PackageReference Include="Volo.Abp.AspNetCore.Authentication.JwtBearer" />
 		<PackageReference Include="Volo.Abp.Caching.StackExchangeRedis" />
 		<PackageReference Include="Volo.Abp.Autofac" />
 		<PackageReference Include="Volo.Abp.EntityFrameworkCore.MySQL" />
--- a/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.BackendAdmin.HttpApi.Host/BackendAdminHttpApiHostModule.cs
@ -181,12 +181,12 @@ public partial class BackendAdminHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        // jwt
        app.UseDynamicClaims();
-        // 多租户
-        app.UseMultiTenancy();
        // 授权
        app.UseAuthorization();
        // Swagger
--- a/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.IdentityServer.HttpApi.Host/IdentityServerHttpApiHostModule.cs
@ -125,11 +125,11 @@ public partial class IdentityServerHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        app.UseDynamicClaims();
-        // 多租户
-        app.UseMultiTenancy();
        // 授权
        app.UseAuthorization();
        // Swagger
--- a/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.LocalizationManagement.HttpApi.Host/LocalizationManagementHttpApiHostModule.cs
@ -117,6 +117,8 @@ public partial class LocalizationManagementHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        app.UseDynamicClaims();
--- a/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.PlatformManagement.HttpApi.Host/PlatformManagementHttpApiHostModule.cs
@ -171,11 +171,11 @@ public partial class PlatformManagementHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        app.UseDynamicClaims();
-        // 多租户
-        app.UseMultiTenancy();
        // 授权
        app.UseAuthorization();
        // Swagger
--- a/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.RealtimeMessage.HttpApi.Host/RealtimeMessageHttpApiHostModule.cs
@ -181,11 +181,11 @@ public partial class RealtimeMessageHttpApiHostModule : AbpModule
        // 认证
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        // 多租户
+        app.UseMultiTenancy();
        // 会话
        app.UseAbpSession();
        app.UseDynamicClaims();
-        // 多租户
-        app.UseMultiTenancy();
        // 授权
        app.UseAuthorization();
        // Swagger
--- a/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.TaskManagement.HttpApi.Host/TaskManagementHttpApiHostModule.cs
@ -134,8 +134,9 @@ public partial class TaskManagementHttpApiHostModule : AbpModule
        app.UseRouting();
        app.UseCors(DefaultCorsPolicyName);
        app.UseAuthentication();
-        app.UseDynamicClaims();
+        app.UseJwtTokenMiddleware();
        app.UseMultiTenancy();
+        app.UseDynamicClaims();
        app.UseAuthorization();
        app.UseSwagger();
        app.UseAbpSwaggerUI(options =>
--- a/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WebhooksManagement.HttpApi.Host/WebhooksManagementHttpApiHostModule.cs
@ -141,9 +141,9 @@ public partial class WebhooksManagementHttpApiHostModule : AbpModule
        app.UseCors();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        app.UseMultiTenancy();
        app.UseAbpSession();
        app.UseDynamicClaims();
-        app.UseMultiTenancy();
        app.UseAuthorization();
        app.UseSwagger();
        app.UseAbpSwaggerUI(options =>
--- a/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WechatManagement.HttpApi.Host/WechatManagementHttpApiHostModule.cs
@ -122,9 +122,9 @@ public partial class WechatManagementHttpApiHostModule : AbpModule
        app.UseCors();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        app.UseMultiTenancy();
        app.UseAbpSession();
        app.UseDynamicClaims();
-        app.UseMultiTenancy();
        app.UseAuthorization();
        app.UseSwagger();
        app.UseAbpSwaggerUI(options =>
--- a/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs
+++ b/aspnet-core/services/LY.MicroService.WorkflowManagement.HttpApi.Host/WorkflowManagementHttpApiHostModule.cs
@ -145,9 +145,9 @@ public partial class WorkflowManagementHttpApiHostModule : AbpModule
        app.UseElsaFeatures();
        app.UseAuthentication();
        app.UseJwtTokenMiddleware();
+        app.UseMultiTenancy();
        app.UseAbpSession();
        app.UseDynamicClaims();
-        app.UseMultiTenancy();
        app.UseAuthorization();
        app.UseSwagger();
        app.UseAbpSwaggerUI(options =>
--- a/docker-compose.override.configuration.yml
+++ b/docker-compose.override.configuration.yml
@ -10,7 +10,7 @@ services:
      - Auditing__AllEntitiesSelector=true
      - ConnectionStrings__Default=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -66,7 +66,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -119,7 +119,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -175,7 +175,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -228,7 +228,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -291,7 +291,7 @@ services:
      - Auditing__AllEntitiesSelector=true
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Messages-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -346,7 +346,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -399,7 +399,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -452,7 +452,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Workflow-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
@ -515,7 +515,7 @@ services:
      - App__CorsOrigins=http://localhost:3100,http://localhost:30000,http://apigateway:30000
      - ConnectionStrings__Default=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpAuditLogging=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
-      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
+      - ConnectionStrings__AbpOpenIddict=Server=host.docker.internal;Database=AuthServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentity=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpIdentityServer=Server=host.docker.internal;Database=IdentityServer-V70;User Id=root;Password=123456
      - ConnectionStrings__AbpSaas=Server=host.docker.internal;Database=Platform-V70;User Id=root;Password=123456
--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@ -19,6 +19,26 @@ services:
    depends_on:
      - sts-server

+  # 取消注释以使用openiddict
+  # sts-server:
+  #   build:
+  #     context: ./aspnet-core/services/Publish/authserver
+  #   volumes:
+  #     - ./deploy/framework/ids-sts/logs:/app/Logs
+  #     - ./deploy/framework/ids-sts/modules:/app/Modules
+  #   restart: always
+
+  # 取消注释以使用openiddict
+  # sts-api:
+  #   build:
+  #     context: ./aspnet-core/services/Publish/authserver-api
+  #   volumes:
+  #     - ./deploy/framework/ids-admin/logs:/app/Logs
+  #     - ./deploy/framework/ids-admin/modules:/app/Modules
+  #   restart: always
+  #   depends_on:
+  #     - sts-server
+
  admin-api:
    build:
      context: ./aspnet-core/services/Publish/admin