Add support to reverse proxies #2
Comments
I just noticed that the ForwardedHeadersMiddleware can be enabled as simply as setting the env variable ASPNETCORE_FORWARDEDHEADERS_ENABLED to true (ForwardedHeaderStartupFilter). Doing so, the default values for the ForwardedHeadersOptions are going to be used except for the overridden options in the (ForwardedHeadersOptionsSetup). Basically, only the x-forwarded-proto and x-forwarded-for headers are going to be used, which is not enough for us since we also need x-forwarded-host. I see two options here:
I have an implementation proposal on the support-reverse-proxies branch. In Program.cs SPID-and-Digital-Identity-Enabler/WebApps/Proxy/Microsoft.SPID.Proxy/Program.cs Lines 13 to 16 in 16796aa
Where ConfigureForwardedHeadersOptions() is SPID-and-Digital-Identity-Enabler/WebApps/Proxy/Microsoft.SPID.Proxy/Program.cs Lines 78 to 111 in 16796aa
Then in the appsettings we can define the ForwardedHeaders section and set all the required options. The ForwardedHeaders are defaulted to All (which means X-Forwarded-For | X-Forwarded-Proto | X-Forwarded-Host) SPID-and-Digital-Identity-Enabler/WebApps/Proxy/Microsoft.SPID.Proxy/appsettings.json Lines 161 to 163 in 16796aa
@MarcoZama , @tommasodotNET , @PaoloCastAway , any thoughts?
We actually generate the AssertionConsumerServiceUrl using the HTTP Request host. This won't work in scenarios where reverse proxies are used, since the request host will be different from the "public" host that users can reach.
We basically need to change the following line
SPID-and-Digital-Identity-Enabler/WebApps/Proxy/Microsoft.SPID.Proxy/Services/Implementations/SAMLService.cs
Lines 32 to 36 in 63ef10f
We could use the x-forwarded-host header (https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0) or, eventually, just put the right host in config.
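
The following is an added example, not code from this repository or its branch: one way to enable `X-Forwarded-Host` while limiting which proxies and host names are trusted, since a URL built from the request host is only as trustworthy as the header's source. The key names `KnownProxies` and `AllowedHosts` inside the `ForwardedHeaders` section, the `/acs-url` endpoint and its path are assumptions made for illustration.

```csharp
// Added example, not the project's Program.cs. Assumes .NET 6 minimal hosting
// with implicit usings. "KnownProxies" and "AllowedHosts" are assumed key names
// inside the "ForwardedHeaders" configuration section.
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);
var section = builder.Configuration.GetSection("ForwardedHeaders");
var proxies = section.GetSection("KnownProxies").Get<string[]>() ?? Array.Empty<string>();
var hosts = section.GetSection("AllowedHosts").Get<string[]>() ?? Array.Empty<string>();

// Fail closed. With empty KnownProxies and KnownNetworks the middleware accepts
// forwarded headers from any peer, and with empty AllowedHosts it accepts any
// X-Forwarded-Host value.
if (proxies.Length == 0 || hosts.Length == 0)
{
    throw new InvalidOperationException(
        "ForwardedHeaders:KnownProxies and ForwardedHeaders:AllowedHosts must be set.");
}

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // X-Forwarded-For | X-Forwarded-Host | X-Forwarded-Proto
    options.ForwardedHeaders = ForwardedHeaders.All;

    // Replace the default loopback trust with the explicit proxy list.
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
    foreach (var ip in proxies)
    {
        options.KnownProxies.Add(IPAddress.Parse(ip)); // throws on a malformed address
    }

    // Only these public host names are accepted from X-Forwarded-Host.
    foreach (var host in hosts)
    {
        options.AllowedHosts.Add(host);
    }
});

var app = builder.Build();

// Must run before any component that reads Request.Host or Request.Scheme.
app.UseForwardedHeaders();

// Hypothetical endpoint: a URL built from the request now reflects the public
// host, but only when the header came from a listed proxy and names a listed host.
app.MapGet("/acs-url", (HttpRequest request) =>
    $"{request.Scheme}://{request.Host}/hypothetical-acs-path");

app.Run();
```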