c# – 在负载均衡器后面运行的Identity Server 4

services.AddIdentityServer()
        .AddSigningCredential(Config.GetSigningCertificate())
        .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
        .AddProfileService<ProfileService>()
        .AddConfigurationStore(builder =>
                    builder.UseSqlServer(connectionString,options =>
                        options.MigrationsAssembly(migrationsAssembly)))
        .AddOperationalStore(builder =>
                    builder.UseSqlServer(connectionString,options =>
                        options.MigrationsAssembly(migrationsAssembly)));

这是服务的配置.

问题是当我在负载均衡器后面运行我的服务器时,例如处理所有请求的2个identic实例,用户未登录的服务器无法解码JWT令牌,导致401未经授权的错误.

我假设令牌的签名方法或他们的征名是问题,但我找不到解决这个问题的方法.

这是我配置的其余部分.

配置：

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
      Authority = url,// Authority = "http://localhost:5000",AllowedScopes = { "WebAPI" },RequireHttpsMetadata = false,AutomaticAuthenticate = true,AutomaticChallenge = true,});

客户端：

new Client
{
     ClientId = "Angular2SPA",AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,// Resource Owner Password Credential grant.
     AllowAccessTokensViaBrowser = true,RequireClientSecret = false,// This client does not need a secret to request tokens from the token endpoint.
     AccessTokenLifetime = 7200,// Lifetime of access token in seconds.
     AllowedScopes = {
                       IdentityServerConstants.StandardScopes.OpenId,// For UserInfo endpoint.
                       IdentityServerConstants.StandardScopes.Profile,"roles","WebAPI"
                      },AllowOfflineAccess = true,// For refresh token.
     AccessTokenType = AccessTokenType.Jwt

}

我还实现了自己的IResourceOwnerPasswordValidator和IProfileService.

知道为什么会这样吗？