Ocelot: Administration API doesn't work

Created on 31 Jul 2018  ·  28Comments  ·  Source: ThreeMammals/Ocelot

Expected Behavior

Overrwrites the existing configuration

Actual Behavior

Returns 500 Internal Server Error

InvalidOperationException: Error parsing discovery document from http://localhost:5000/administration/.well-known/openid-configuration: Error connecting to http://localhost:5000/administration/.well-known/openid-configuration: No connection could be made because the target machine actively refused it

Steps to Reproduce the Problem

  1. Read docs
  2. Download ocelot.postman_collection.json
  3. In Startup.cs add .AddAdministration("/administration", "secret");
  4. Run service with api gateway: dotnet run: Now listening on: http://localhost:55580
  5. Make POST to get token
POST /administration/connect/token HTTP/1.1
Host: localhost:55580
Cache-Control: no-cache
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="client_id"

admin
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="client_secret"

secret
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="scope"

admin
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="grant_type"

client_credentials
------WebKitFormBoundary7MA4YWxkTrZu0gW--
  1. Make POST request to overrwrite the existing configuration

POST /administration/configuration HTTP/1.1
Host: localhost:55580
Authorization: Bearer pZWysp2fn03YLZV_3vejLGvLNvoyuYz3WTXyWcslaMay6oE3i95p1SxwcQ9FcYH4hp-8fqJ_H10WslPLV9KwmyBw2SsI2DoOrb8r0OXr5VZO_-E_SD3SjKyuh3NU05JTLHge_VtZV...
Content-Type: application/json
Cache-Control: no-cache

{
    "ReRoutes": [
    {
      "ServiceName" : "templates",
      "DownstreamPathTemplate": "/{everything}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 50689
        }
      ],
      "UpstreamPathTemplate": "/templates/{everything}",
      "UpstreamHttpMethod": [ "GET" ]
    }
  ],
  "GlobalConfiguration": {
    "RequestIdKey": "Request-Id"
  }
}

Returns 500 Internal Server Error

InvalidOperationException: Error parsing discovery document from http://localhost:5000/administration/.well-known/openid-configuration: Error connecting to http://localhost:5000/administration/.well-known/openid-configuration: No connection could be made because the target machine actively refused it

  1. Make POST request to http://localhost:55580/administration/.well-known/openid-configuration
GET /administration/.well-known/openid-configuration HTTP/1.1
Host: localhost:55580
Authorization: Bearer pZWysp2fn03YLZV_3vejLGvLNvoyuYz3WTXyWcslaMay6oE3i95p1SxwcQ9FcYH4hp-8fqJ_H10WslPLV9KwmyBw2SsI2DoOrb8r0OXr5VZO_-E_SD3SjKyuh3NU05JTLHge_VtZV...
Cache-Control: no-cache

Returns

InvalidOperationException: Policy error while contacting the discovery endpoint http://localhost:5000/administration/.well-known/openid-configuration: Issuer name does not match authority: Ocelot

Specifications

  • Version: 8.0.0
  • Platform: Windows 10
  • Subsystem: netcoreapp2.1
question

All 28 comments

@Marusyk can you share your original json config, program.cs and startup.cs please so I can look into this further?

@TomPallister Thanks for quick response.

ApiGatewayOcelot.zip

I will take a look asap!

@Marusyk you need to add your base url to the GlobalConfiguration in order to use a url that isnt http://localhost:5000 (default) with the administration service. This is because IdentityServer needs to call back to Ocelot in order to do validation.

 "GlobalConfiguration": {
    "RequestIdKey": "Request-Id",
    "BaseUrl": "http://localhost:55580"
  }

I thought I had updated the docs to reflect this but obviously not so I will do this now. There are some docs about it here but not super clear.

I have pushed the update to the docs, I will close this issue for now. Let me know if it needs reopening.

@TomPallister Thanks for help, but it still doesn't work

InvalidOperationException: Policy error while contacting the discovery endpoint http://localhost:55580/administration/.well-known/openid-configuration: Issuer name does not match authority: Ocelot

I'm using the package version 8.1.0-unstable0025

@Marusyk it works fine for me with the project you uploaded :o can you upload your new code?

ApiGatewayOcelot.zip

This works fine for me!

@TomPallister

I do not have any new code!

Here are some stack trace. Hope it will help

fail: Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HLFO1T7P6P29", Request id "0HLFO1T7P6P29:00000003": An unhandled exception was thrown by the application.
System.InvalidOperationException: Policy error while contacting the discovery endpoint http://localhost:55580/administration/.well-known/openid-configuration: Issuer name does not match authority: Ocelot
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.GetIntrospectionEndpointFromDiscoveryDocument(OAuth2IntrospectionOptions Options) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\PostConfigureOAuth2IntrospectionOptions.cs:line 58
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.InitializeIntrospectionClient(OAuth2IntrospectionOptions Options) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\PostConfigureOAuth2IntrospectionOptions.cs:line 83
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.LoadClaimsForToken(String token) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\OAuth2IntrospectionHandler.cs:line 142
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.HandleAuthenticateAsync() in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\OAuth2IntrospectionHandler.cs:line 94
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServer4.AccessTokenValidation\IdentityServerAuthenticationHandler.cs:line 68 at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\Hosting\BaseUrlMiddleware.cs:line 36
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequestsTContext

@Marusyk have you tried the code I uploaded?

If you download the code above, then extract it, cd into the directory and call dotnet run then use the postman scripts below in the numbered order your app should work.

Issue515.postman_collection.json.zip

@TomPallister
Yes, this exception I copied from your posted code in this comment!
Also I used Issue515.postman_collection.json.zip. The same result: 500 Internal Server Error with empty response

Your order of postman request is wrong. I run:

  2. POST http://localhost: 55580/administration/connect/token - 200 OK
  1. GET http://localhost: 55580/administration/.well-known/openid-configuration - 500 ISE
  3. GET http://localhost: 55580/administration/configuration - 500 ISE

Microsoft.AspNetCore.Server.Kestrel[13]
Connection id "0HLFOQG7F35V2", Request id "0HLFOQG7F35V2:00000001": An unhandled exception was thrown by the application.
System.InvalidOperationException: Policy error while contacting the discovery endpoint http://localhost:55580/administration/.well-known/openid-configuration: Issuer name does not match authority: Ocelot
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.GetIntrospectionEndpointFromDiscoveryDocument(OAuth2IntrospectionOptions Options) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\PostConfigureOAuth2IntrospectionOptions.cs:line 58
at IdentityModel.AspNetCore.OAuth2Introspection.PostConfigureOAuth2IntrospectionOptions.InitializeIntrospectionClient(OAuth2IntrospectionOptions Options) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\PostConfigureOAuth2IntrospectionOptions.cs:line 83
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.LoadClaimsForToken(String token) in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\OAuth2IntrospectionHandler.cs:line 142
at IdentityModel.AspNetCore.OAuth2Introspection.OAuth2IntrospectionHandler.HandleAuthenticateAsync() in C:\local\identity\model\AspNetCore.OAuth2Introspection\src\IdentityModel.AspNetCore.OAuth2Introspection\OAuth2IntrospectionHandler.cs:line 94
at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at IdentityServer4.AccessTokenValidation.IdentityServerAuthenticationHandler.HandleAuthenticateAsync() in C:\local\identity\server4\AccessTokenValidation\src\IdentityServer4.AccessTokenValidation\IdentityServerAuthenticationHandler.cs:line 68 at Microsoft.AspNetCore.Authentication.AuthenticationHandler1.AuthenticateAsync()
at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme)
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\Hosting\BaseUrlMiddleware.cs:line 36
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Builder.Extensions.MapMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.MiddlewareAnalysis.AnalysisMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequestsTContext
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]

@Marusyk I am sorry but I do not know what the problem is. I have tried the code I uploaded on mac, windows (dotnet cli and in visual studio) without any problems :(

The only thing I can possibly think is that for some reason Ocelot cannot loopback to itself but seems unlikely.

Thank you very much for your help.
Oh, I run it on other PC and it works fine. 👍
I'll try to find out what is the problem with that machine and let you know.

Thanks.

Yey!! I was really worried because I could not replicate the problem at all.

I've just tried to run Ocelot in Docker container and use Administration API and got the same error 😕
It doesn't work on my work PC (only on my home PC) but I was hoping that it should work in isolated docker container.

@Marusyk what was the error from the docker container?

@TomPallister I've got the same error

Issuer name does not match authority: Ocelot

@Marusyk could you share the dockerfile you use to build the container? I can then give it a go in the container. The error message suggests the token you are trying to use wasnt issued by Ocelot which should be impossible given Ocelot is creating it :(

@TomPallister

There are __build.ps1__ and __run.ps1__ that I'm using

ApiGatewayOcelot.zip

@Marusyk thanks I will check this out ASAP.

Hello, any news?

@Marusyk not had a chance to look at this issue yet I'm afraid!

@Marusyk does your application work if you just do dotnet run in the root folder? I had to change the ports from 5000 to 80 on my mac to get it working but after doing that everything was fine, I could get a token and use it on the API.

I'm trying to work out if the problem is running your project in a container with docker or if it doesnt work for you with docker excluded.

@Marusyk I finally had a chance to try your dockerfile on windows.

Log from building and running the container

C:\Users\thoma\dev\ApiGatewayOcelot> .\build.ps1
Sending build context to Docker daemon  1.989MB
Step 1/14 : FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
 ---> 251f1045c425
Step 2/14 : WORKDIR /app
 ---> Using cache
 ---> b9ba463348ec
Step 3/14 : FROM microsoft/dotnet:2.1-sdk AS build
 ---> bde01d9ed6eb
Step 4/14 : WORKDIR /src
 ---> Using cache
 ---> c29d849a2d61
Step 5/14 : COPY . .
 ---> 9165ee22f21d
Step 6/14 : WORKDIR /src
 ---> Running in 7ea4b50b3dad
Removing intermediate container 7ea4b50b3dad
 ---> ded654ea2124
Step 7/14 : RUN dotnet build ApiGatewayOcelot.csproj -c Release -o /app
 ---> Running in 7696df296f5b
Microsoft (R) Build Engine version 15.8.166+gd4e8d81a88 for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Restoring packages for /src/ApiGatewayOcelot.csproj...
  Installing Microsoft.IdentityModel.Logging 1.1.4.
  Installing runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing Microsoft.IdentityModel.Tokens 5.1.4.
  Installing runtime.native.System.Security.Cryptography.OpenSsl 4.3.2.
  Installing System.IdentityModel.Tokens.Jwt 5.1.4.
  Installing Microsoft.AspNetCore.Cryptography.Internal 2.0.0.
  Installing Microsoft.AspNetCore.DataProtection.Abstractions 2.0.0.
  Installing Ocelot 8.0.0.
  Installing Microsoft.AspNetCore.Authentication.Abstractions 2.0.0.
  Installing CacheManager.Microsoft.Extensions.Logging 1.1.2.
  Installing CacheManager.Core 1.1.2.
  Installing Microsoft.AspNetCore.WebUtilities 2.0.0.
  Installing System.Security.AccessControl 4.4.0.
  Installing Polly 6.0.1.
  Installing System.Security.Principal.Windows 4.4.0.
  Installing Rafty 0.4.4.
  Installing FluentValidation 7.6.104.
  Installing Microsoft.AspNetCore.Hosting.Server.Abstractions 2.0.2.
  Installing Microsoft.Extensions.Hosting.Abstractions 2.0.2.
  Installing Microsoft.AspNetCore.Http.Features 2.0.2.
  Installing System.Net.Http 4.3.3.
  Installing Consul 0.7.2.5.
  Installing Butterfly.Client 0.0.8.
  Installing Butterfly.Client.AspNetCore 0.0.8.
  Installing CacheManager.Microsoft.Extensions.Configuration 1.1.2.
  Installing IdentityServer4 2.2.0.
  Installing Microsoft.Extensions.Configuration 2.0.0.
  Installing Microsoft.AspNetCore.DataProtection 2.0.0.
  Installing IdentityServer4.AccessTokenValidation 2.6.0.
  Installing Microsoft.AspNetCore.Authentication.Core 2.0.0.
  Installing Microsoft.AspNetCore.Http 2.0.0.
  Installing Pivotal.Discovery.ClientCore 2.0.1.
  Installing Microsoft.DotNet.InternalAbstractions 1.0.500-preview2-1-003177.
  Installing Microsoft.AspNetCore.Http.Extensions 2.0.0.
  Installing System.ValueTuple 4.4.0.
  Installing Microsoft.Extensions.WebEncoders 2.0.0.
  Installing Microsoft.Extensions.Caching.Abstractions 2.0.0.
  Installing Microsoft.Win32.Registry 4.4.0.
  Installing System.ComponentModel.Annotations 4.4.1.
  Installing System.Security.Cryptography.Xml 4.4.0.
  Installing Microsoft.AspNetCore.Hosting.Abstractions 2.0.2.
  Installing Microsoft.AspNetCore.Cryptography.Internal 2.0.2.
  Installing System.Threading.Thread 4.0.0.
  Installing Microsoft.AspNetCore.DataProtection.Abstractions 2.0.2.
  Installing Microsoft.AspNetCore.Authentication.Abstractions 2.0.2.
  Installing Microsoft.AspNetCore.WebUtilities 2.0.2.
  Installing System.Net.Http.WinHttpHandler 4.0.0.
  Installing Microsoft.Extensions.ObjectPool 2.0.0.
  Installing Microsoft.IdentityModel.Logging 5.2.1.
  Installing Microsoft.IdentityModel.Protocols 2.1.4.
  Installing Newtonsoft.Json 10.0.2.
  Installing Microsoft.AspNetCore.Http.Abstractions 2.0.2.
  Installing Microsoft.Extensions.FileProviders.Abstractions 2.0.1.
  Installing Microsoft.Net.Http.Headers 2.0.2.
  Installing System.Collections.Specialized 4.0.1.
  Installing System.Collections.NonGeneric 4.0.1.
  Installing System.ComponentModel.Primitives 4.1.0.
  Installing System.Buffers 4.4.0.
  Installing Microsoft.AspNetCore.Http.Features 2.0.0.
  Installing System.Runtime.CompilerServices.Unsafe 4.4.0.
  Installing Steeltoe.Common.Http 2.0.0.
  Installing Steeltoe.Extensions.Configuration.CloudFoundryBase 2.0.0.
  Installing Butterfly.OpenTracing 0.0.8.
  Installing Microsoft.Extensions.Configuration.Binder 2.0.0.
  Installing Newtonsoft.Json 10.0.3.
  Installing Microsoft.AspNetCore.Authentication 2.0.0.
  Installing Microsoft.AspNetCore.Http.Abstractions 2.0.0.
  Installing IdentityModel 3.6.0.
  Installing Microsoft.Extensions.Caching.Memory 2.0.0.
  Installing Microsoft.AspNetCore.DataProtection 2.0.2.
  Installing Microsoft.AspNetCore.Authentication.Core 2.0.2.
  Installing Microsoft.AspNetCore.Http 2.0.2.
  Installing Microsoft.Extensions.WebEncoders 2.0.1.
  Installing Microsoft.IdentityModel.Tokens 5.2.1.
  Installing Microsoft.IdentityModel.Protocols.OpenIdConnect 2.1.4.
  Installing Microsoft.AspNetCore.Authentication.OAuth 2.0.3.
  Installing Microsoft.AspNetCore.Http.Extensions 2.0.2.
  Installing Microsoft.Extensions.Configuration.Abstractions 2.0.1.
  Installing Microsoft.Extensions.Logging.Abstractions 2.0.1.
  Installing AspectCore.Core 0.2.4.
  Installing Microsoft.Extensions.Caching.Abstractions 2.0.1.
  Installing Microsoft.Extensions.Options 2.0.1.
  Installing Butterfly.DataContract 0.0.7.
  Installing System.ComponentModel.TypeConverter 4.1.0.
  Installing System.Diagnostics.DiagnosticSource 4.4.1.
  Installing Microsoft.AspNetCore.Routing.Abstractions 2.0.0.
  Installing Microsoft.Extensions.Options 2.0.0.
  Installing Microsoft.Extensions.Configuration 1.0.2.
  Installing AspectCore.Extensions.DependencyInjection 0.2.4.
  Installing Microsoft.AspNetCore.Hosting.Abstractions 2.0.0.
  Installing System.Linq.Expressions 4.1.1.
  Installing Microsoft.AspNetCore.Http.Abstractions 2.0.1.
  Installing Microsoft.AspNetCore.Mvc.Abstractions 2.0.0.
  Installing Microsoft.Extensions.Configuration.Abstractions 1.0.2.
  Installing Microsoft.Extensions.DependencyInjection.Abstractions 1.0.2.
  Installing Microsoft.Extensions.Configuration.Binder 1.0.2.
  Installing Microsoft.AspNetCore.Authentication.Cookies 2.0.3.
  Installing System.Security.Cryptography.Cng 4.4.0.
  Installing System.ComponentModel 4.0.1.
  Installing Microsoft.Extensions.Caching.Memory 2.0.1.
  Installing IdentityModel 3.6.1.
  Installing Microsoft.Extensions.Primitives 1.0.1.
  Installing Microsoft.AspNetCore.Cors 2.0.2.
  Installing Microsoft.Net.Http.Headers 2.0.0.
  Installing Microsoft.AspNetCore.Authentication.OpenIdConnect 2.0.3.
  Installing Microsoft.AspNetCore.Http.Features 2.0.1.
  Installing System.IdentityModel.Tokens.Jwt 5.2.1.
  Installing System.Text.Encodings.Web 4.4.0.
  Installing Microsoft.AspNetCore.Hosting.Server.Abstractions 2.0.0.
  Installing Microsoft.Extensions.FileProviders.Abstractions 2.0.0.
  Installing Microsoft.Extensions.Configuration.Abstractions 2.0.0.
  Installing Microsoft.AspNetCore.Authentication 2.0.3.
  Installing Microsoft.Extensions.Hosting.Abstractions 2.0.0.
  Installing Microsoft.AspNetCore.Authorization 2.0.0.
  Installing Microsoft.Extensions.Logging.Abstractions 2.0.0.
  Installing IdentityModel.AspNetCore.OAuth2Introspection 3.3.0.
  Installing Microsoft.Extensions.DependencyInjection 2.0.0.
  Installing Microsoft.AspNetCore.Authentication.JwtBearer 2.0.0.
  Installing Microsoft.Extensions.Primitives 2.0.0.
  Installing Microsoft.Extensions.DependencyInjection.Abstractions 2.0.0.
  Installing Pivotal.Discovery.EurekaBase 2.0.1.
  Installing Steeltoe.Common 2.0.0.
  Installing MessagePackAnalyzer 1.6.0.
  Installing Steeltoe.CloudFoundry.ConnectorBase 2.0.0.
  Installing Steeltoe.Discovery.EurekaBase 2.0.1.
  Installing AspectCore.Extensions.Reflection 0.2.4.
  Installing AspectCore.Abstractions 0.2.4.
  Generating MSBuild file /src/obj/ApiGatewayOcelot.csproj.nuget.g.props.
  Generating MSBuild file /src/obj/ApiGatewayOcelot.csproj.nuget.g.targets.
  Restore completed in 7.92 sec for /src/ApiGatewayOcelot.csproj.
  ApiGatewayOcelot -> /app/ApiGatewayOcelot.dll

Build succeeded.
    0 Warning(s)
    0 Error(s)

Time Elapsed 00:00:11.86
Removing intermediate container 7696df296f5b
 ---> c240674480c3
Step 8/14 : FROM build AS publish
 ---> c240674480c3
Step 9/14 : RUN dotnet publish ApiGatewayOcelot.csproj --no-restore -c Release -o /app
 ---> Running in adb5f6339ce7
Microsoft (R) Build Engine version 15.8.166+gd4e8d81a88 for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  ApiGatewayOcelot -> /src/bin/Release/netcoreapp2.1/ApiGatewayOcelot.dll
  ApiGatewayOcelot -> /app/
Removing intermediate container adb5f6339ce7
 ---> 851cacbe6117
Step 10/14 : FROM base AS final
 ---> b9ba463348ec
Step 11/14 : WORKDIR /app
 ---> Using cache
 ---> b16041eefaa9
Step 12/14 : COPY --from=publish /app .
 ---> 8a009db74974
Step 13/14 : EXPOSE 5000
 ---> Running in 1dbe5a08656a
Removing intermediate container 1dbe5a08656a
 ---> f18da4276069
Step 14/14 : ENTRYPOINT ["dotnet", "ApiGatewayOcelot.dll"]
 ---> Running in 77a790974911
Removing intermediate container 77a790974911
 ---> c8672da2833e
Successfully built c8672da2833e
Successfully tagged platform/apigateway:latest
SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.
C:\Users\thoma\dev\ApiGatewayOcelot> .\run.ps1
dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[3]
      Hosting starting
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
      User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver[53]
      Repository contains no viable default key. Caller should generate a key with immediate activation.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[57]
      Policy resolution states that a new key should be added to the key ring.
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[58]
      Creating key {e4f2e989-4934-489a-a769-5b047e10a71e} with creation date 2018-09-01 12:41:26Z, activation date 2018-09-01 12:41:26Z, and expiration date 2018-11-30 12:41:26Z.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[32]
      Descriptor deserializer type for key {e4f2e989-4934-489a-a769-5b047e10a71e} is 'Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[34]
      No key escrow sink found. Not writing key {e4f2e989-4934-489a-a769-5b047e10a71e} to escrow.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {e4f2e989-4934-489a-a769-5b047e10a71e} may be persisted to storage in unencrypted form.
info: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[39]
      Writing data to file '/root/.aspnet/DataProtection-Keys/key-e4f2e989-4934-489a-a769-5b047e10a71e.xml'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[23]
      Key cache expiration token triggered by 'CreateNewKey' operation.
dbug: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[37]
      Reading data from file '/root/.aspnet/DataProtection-Keys/key-e4f2e989-4934-489a-a769-5b047e10a71e.xml'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[18]
      Found key {e4f2e989-4934-489a-a769-5b047e10a71e}.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.DefaultKeyResolver[13]
      Considering key {e4f2e989-4934-489a-a769-5b047e10a71e} with expiration date 2018-11-30 12:41:26Z as default key. dbug: Microsoft.AspNetCore.DataProtection.TypeForwardingActivator[0]
      Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=2.1.1.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory[11]
      Using managed symmetric algorithm 'System.Security.Cryptography.Aes'.
dbug: Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ManagedAuthenticatedEncryptorFactory[10]
      Using managed keyed hash algorithm 'System.Security.Cryptography.HMACSHA256'.
dbug: Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider[2]
      Using key {e4f2e989-4934-489a-a769-5b047e10a71e} as the default key.
dbug: Microsoft.AspNetCore.DataProtection.Internal.DataProtectionStartupFilter[0]
      Key ring with default key {e4f2e989-4934-489a-a769-5b047e10a71e} was loaded during application startup.
info: IdentityServer4.Startup[0]
      You are using the in-memory version of the persisted grant store. This will store consent decisions, authorization codes, refresh and reference tokens in memory only. If you are using any of those features in production, you want to switch to a different store implementation.
dbug: IdentityServer4.Startup[0]
      Custom IssuerUri set to Ocelot
dbug: IdentityServer4.Startup[0]
      Using Bearer as default scheme for authentication
dbug: IdentityServer4.Startup[0]
      Using Bearer as default scheme for sign-in
dbug: IdentityServer4.Startup[0]
      Using Bearer as default scheme for sign-out
dbug: IdentityServer4.Startup[0]
      Using Bearer as default scheme for challenge
dbug: IdentityServer4.Startup[0]
      Using Bearer as default scheme for forbid
dbug: Microsoft.AspNetCore.Mvc.MvcJsonOptions[0]
      Compatibility switch AllowInputFormatterExceptionMessages in type MvcJsonOptions is using default value False
dbug: Microsoft.AspNetCore.Mvc.MvcOptions[0]
      Compatibility switch AllowCombiningAuthorizeFilters in type MvcOptions is using default value False
dbug: Microsoft.AspNetCore.Mvc.MvcOptions[0]
      Compatibility switch AllowBindingHeaderValuesToNonStringModelTypes in type MvcOptions is using default value False
dbug: Microsoft.AspNetCore.Mvc.MvcOptions[0]
      Compatibility switch AllowValidatingTopLevelNodes in type MvcOptions is using default value False
dbug: Microsoft.AspNetCore.Mvc.MvcOptions[0]
      Compatibility switch InputFormatterExceptionPolicy in type MvcOptions is using default value AllExceptions
dbug: Microsoft.AspNetCore.Mvc.MvcOptions[0]
      Compatibility switch SuppressBindingUndefinedValueToEnumType in type MvcOptions is using default value False
dbug: Microsoft.AspNetCore.Mvc.ModelBinding.ModelBinderFactory[12]
      Registered model binder providers, in the following order: Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BinderTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ServicesModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.BodyModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.HeaderModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FloatingPointTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.EnumTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.SimpleTypeModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CancellationTokenModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ByteArrayModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormFileModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.FormCollectionModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.KeyValuePairModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.DictionaryModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ArrayModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.CollectionModelBinderProvider, Microsoft.AspNetCore.Mvc.ModelBinding.Binders.ComplexTypeModelBinderProvider
dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
      Failed to locate the development https certificate at '(null)'.
warn: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to bind to http://localhost:80 on the IPv6 loopback interface: 'Cannot assign requested address'.
dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[4]
      Hosting started
dbug: Microsoft.AspNetCore.Hosting.Internal.WebHost[0]
      Loaded hosting startup assembly ApiGatewayOcelot
Hosting environment: Production
Content root path: /app
Now listening on: http://localhost:80
Application started. Press Ctrl+C to shut down.

Response from app

C:\Users\thoma> Invoke-RestMethod

cmdlet Invoke-RestMethod at command pipeline position 1
Supply values for the following parameters:
Uri: http://localhost:55580/administration/.well-known/openid-configuration
Invoke-RestMethod : The underlying connection was closed: The connection was closed unexpectedly.
At line:1 char:1
+ Invoke-RestMethod
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebExc
   eption
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

SSH onto the container and call your asp.net app works fine

C:\Users\thoma\dev\Ocelot [master ≡]> docker ps
CONTAINER ID        IMAGE                 COMMAND                  CREATED             STATUS              PORTS
                     NAMES
150a1011ed57        platform/apigateway   "dotnet ApiGatewayOc…"   2 minutes ago       Up 2 minutes        5000/tcp, 0.0.0.0:55580->80/tcp   apigateway
C:\Users\thoma\dev\Ocelot [master ≡]> docker exec -it 150a1011ed57 /bin/bash
root@150a1011ed57:/app# curl http://localhost:80/administration/.well-known/openid-configuration;
{"issuer":"Ocelot","jwks_uri":"http://localhost/administration/.well-known/openid-configuration/jwks","authorization_endpoint":"http://localhost/administration/connect/authorize","token_endpoint":"http://localhost/administration/connect/token","userinfo_endpoint":"http://localhost/administration/connect/userinfo","end_session_endpoint":"http://localhost/administration/connect/endsession","check_session_iframe":"http://localhost/administration/connect/checksession","revocation_endpoint":"http://localhost/administration/connect/revocation","introspection_endpoint":"http://localhost/administration/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["admin","offline_access"],"claims_supported":[],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}root@150a1011ed57:/app#

In my opinion there is something wrong with the dockerfile setup because no requests from outside docker are hitting the asp.net app (set log level to trace) and make requests from browser you wont see anything logged.

I don't think I can help further with this issue as I don't know that much about docker, sorry!

@TomPallister
Could you please suggest if should POST request to overrwrite the existing configuration make change in appconfig.json file?

From docs:

Please note that if you want to use this API then the process running Ocelot must have permission to write to the disk where your ocelot.json or ocelot.{environment}.json is located. This is because Ocelot will overwrite them on save.

I have all permissions, but my file didn't change. POST request returns 200 Ok status code

@Marusyk which file on disk are you checking?

Ocelot won't change your appsettings.json (I noticed you use this to load the configuration). It will create an ocelot.{env}.json file on disk and use this as like a datastore.

You can get your initial configuration into Ocelot using appsettings.json because it just uses .net options API but after this all the other features need to write to file and it cant write to appsettings. I guess this isn't very clear. Maybe I could change the builder to UseConfiguration("path-user-chooses-for-config-file) so this is way more explicit.

I have same problem and in this url:
ocelot_base_address/administration/.well-known/openid-configuration

Result contain wrong issuer:
"issuer":"Ocelot" this must be "issuer":"ocelot_base_address/administration"

  • remember: @TomPallister postman collection link need modify header and it work.**

This is result of request:
{"issuer":"Ocelot","jwks_uri":"http://localhost:5009/administration/.well-known/openid-configuration/jwks","authorization_endpoint":"http://localhost:5009/administration/connect/authorize","token_endpoint":"http://localhost:5009/administration/connect/token","userinfo_endpoint":"http://localhost:5009/administration/connect/userinfo","end_session_endpoint":"http://localhost:5009/administration/connect/endsession","check_session_iframe":"http://localhost:5009/administration/connect/checksession","revocation_endpoint":"http://localhost:5009/administration/connect/revocation","introspection_endpoint":"http://localhost:5009/administration/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["admin","offline_access"],"claims_supported":[],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}

Was this page helpful?
0 / 5 - 0 ratings