Reverse proxy with openid connect redirection

Problem description

In my application I have integrated Identity server 3 with openid-connect. On our production server our website is behind a reverse proxy which is causing problems;

When the user logs in and is redirected back by identity server, our application wants to redirect the user to his original location (the page with the AuthorizeAttribute). The problem here is that the user is redirected to the hidden url instead of the public url used by the reverse proxy.

How can I redirect the user to the public url?

Recommended answer

After a long search this is the fix:

The OWIN middleware UseOpenIdConnectAuthentication has a property Notifications in the Options property. This Notifications property has a func SecurityTokenValidated. In this function you can modify the Redirect Uri.

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        Authority = "https://idp.io",
        ClientId = "clientid",
        RedirectUri = "https://mywebsite.io",
        ResponseType = "code id_token token",
        Scope = "openid profile",
        SignInAsAuthenticationType = "Cookies",
        UseTokenLifetime = false,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            // Runs after the token has been validated. Properties.RedirectUri holds
            // the location the user is sent back to after login.
            SecurityTokenValidated = notification =>
            {
                notification.AuthenticationTicket.Properties.RedirectUri =
                    RewriteToPublicOrigin(notification.AuthenticationTicket.Properties.RedirectUri);
                return Task.CompletedTask;
            }
        }
    });

This is the function which rewrites the url to the public origin:

private static string RewriteToPublicOrigin(string originalUrl)
{
    // The public origin (scheme, host, port) is read from appSettings,
    // not taken from the incoming request.
    var publicOrigin = ConfigurationManager.AppSettings["app:identityServer.PublicOrigin"];
    if (!string.IsNullOrEmpty(publicOrigin))
    {
        // Replace only scheme, host and port; path and query are kept.
        var uriBuilder = new UriBuilder(originalUrl);
        var publicOriginUri = new Uri(publicOrigin);
        uriBuilder.Host = publicOriginUri.Host;
        uriBuilder.Scheme = publicOriginUri.Scheme;
        uriBuilder.Port = publicOriginUri.Port;
        var newUrl = uriBuilder.Uri.AbsoluteUri;

        return newUrl;
    }

    // No public origin configured: leave the URL unchanged.
    return originalUrl;
}

Now the OpenIdConnect redirects the user to the public url instead of the non-public webserver url.
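
A stricter variant of the rewrite above, as an added example that is not part of the original answer: it also accepts a relative return path, rejects targets that are not http(s), and always pins scheme, host and port to the configured origin. The class name `PublicOriginRewriter`, the explicit `publicOrigin` parameter and the sample URLs are assumptions made for the illustration.

```csharp
using System;
// Added example (not the answer's code): origin rewrite for a post-login RedirectUri.
public static class PublicOriginRewriter
{
    private static bool IsHttp(Uri u)
    {
        return u.Scheme == Uri.UriSchemeHttp || u.Scheme == Uri.UriSchemeHttps;
    }

    // publicOrigin is expected to come from trusted configuration, never from request headers.
    public static string Rewrite(string originalUrl, string publicOrigin)
    {
        if (string.IsNullOrEmpty(publicOrigin) || string.IsNullOrEmpty(originalUrl))
            return originalUrl;

        Uri origin;
        if (!Uri.TryCreate(publicOrigin, UriKind.Absolute, out origin) || !IsHttp(origin))
            throw new InvalidOperationException("PublicOrigin must be an absolute http(s) URL.");

        Uri target;
        if (originalUrl.StartsWith("/", StringComparison.Ordinal))
            target = new Uri(origin, originalUrl);   // relative path, including "//host/..."
        else if (!Uri.TryCreate(originalUrl, UriKind.Absolute, out target) || !IsHttp(target))
            throw new ArgumentException("Redirect URL must be a path or an http(s) URL.", "originalUrl");

        // Always pin scheme, host and port to the configured origin; keep path, query, fragment.
        var builder = new UriBuilder(target)
        {
            Scheme = origin.Scheme,
            Host = origin.Host,
            Port = origin.Port
        };
        return builder.Uri.AbsoluteUri;
    }
    public static void Main()
    {
        const string publicOrigin = "https://mywebsite.io";   // value used on the page
        // Constructed sample inputs; the internal host name is hypothetical.
        string[] samples =
        {
            "http://internal-web01:8080/orders/5?tab=history",
            "/orders/5?tab=history",
            "//other.example/orders/5"
        };
        foreach (var url in samples)
            Console.WriteLine(url + " -> " + Rewrite(url, publicOrigin));
    }
}
```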
