Reverse proxy with OpenID Connect redirection
Problem description
In my application I have integrated Identity Server 3 with openid-connect.
On our production server our website is behind a reverse proxy, which is causing problems;
When the user logs in and is redirected back by Identity Server, our application wants to redirect the user to his original location (the page with the AuthorizeAttribute).
The problem here is that the user is redirected to the hidden URL instead of the public URL used by the reverse proxy.
How can I redirect the user to the public URL?
Recommended answer
After a long search this is the fix:
The OWIN middleware UseOpenIdConnectAuthentication has a property Notifications in the Options property.
This Notifications property has a func SecurityTokenValidated. In this function you can modify the Redirect Uri.
    // Requires: using System.Threading.Tasks; using Microsoft.Owin.Security.OpenIdConnect; using Owin;
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            Authority = "https://idp.io",
            ClientId = "clientid",
            RedirectUri = "https://mywebsite.io",
            ResponseType = "code id_token token",
            Scope = "openid profile",
            SignInAsAuthenticationType = "Cookies",
            UseTokenLifetime = false,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Runs after the identity provider's token has been validated,
                // before the user is sent back to the originally requested page.
                SecurityTokenValidated = notification =>
                {
                    var properties = notification.AuthenticationTicket.Properties;
                    properties.RedirectUri = RewriteToPublicOrigin(properties.RedirectUri);
                    return Task.CompletedTask;
                }
            }
        });
This is the function which rewrites the URL to the public origin:
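    // Requires: using System; using System.Configuration;
    private static string RewriteToPublicOrigin(string originalUrl)
    {
        // Public origin of the site as seen through the reverse proxy, read from app settings.
        var publicOrigin = ConfigurationManager.AppSettings["app:identityServer.PublicOrigin"];
        if (!string.IsNullOrEmpty(publicOrigin))
        {
            var uriBuilder = new UriBuilder(originalUrl);
            var publicOriginUri = new Uri(publicOrigin);
            // Replace scheme, host and port; path and query of the original URL are kept.
            uriBuilder.Host = publicOriginUri.Host;
            uriBuilder.Scheme = publicOriginUri.Scheme;
            uriBuilder.Port = publicOriginUri.Port;
            var newUrl = uriBuilder.Uri.AbsoluteUri;
            return newUrl;
        }
        // No public origin configured: leave the URL unchanged.
        return originalUrl;
    }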
Now the OpenIdConnect redirects the user to the public URL instead of the non-public webserver URL.
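
A stricter variant of the rewrite above, as an added example that is not part of the original answer: it also accepts site-relative paths (which new UriBuilder(string) does not handle) and falls back to the public site root for anything that is not an http(s) URL, so the destination host always comes from configuration. PublicOriginRewriter, Rewrite and the sample URLs are hypothetical names and constructed values.

```csharp
using System;

// Hypothetical helper (not from the answer): rebases a post-login redirect onto a
// configured public origin, never onto a host taken from the incoming value.
public static class PublicOriginRewriter
{
    private static bool IsHttp(Uri u) =>
        u.Scheme == Uri.UriSchemeHttp || u.Scheme == Uri.UriSchemeHttps;

    public static string Rewrite(string redirectUri, Uri publicOrigin)
    {
        if (publicOrigin == null || !publicOrigin.IsAbsoluteUri || !IsHttp(publicOrigin))
            throw new ArgumentException("Public origin must be an absolute http(s) URL.", nameof(publicOrigin));

        string authority = publicOrigin.GetLeftPart(UriPartial.Authority);
        string siteRoot = authority + "/";

        // Nothing usable to return to: land on the public site root.
        if (string.IsNullOrWhiteSpace(redirectUri))
            return siteRoot;

        // A local path such as "/orders?id=5" is resolved against the public origin.
        // "//host" and "/\host" are excluded because browsers read them as another host.
        bool isLocalPath = redirectUri.StartsWith("/")
            && !redirectUri.StartsWith("//") && !redirectUri.StartsWith("/\\");
        string candidate = isLocalPath ? authority + redirectUri : redirectUri;

        // Anything that is not an absolute http(s) URL (file paths, "javascript:", ...)
        // is discarded instead of being carried into the redirect.
        if (!Uri.TryCreate(candidate, UriKind.Absolute, out Uri parsed) || !IsHttp(parsed))
            return siteRoot;

        // Keep path, query and fragment; take scheme, host and port from configuration
        // and drop any user-info component.
        var builder = new UriBuilder(parsed)
        {
            Scheme = publicOrigin.Scheme, Host = publicOrigin.Host, Port = publicOrigin.Port,
            UserName = "", Password = ""
        };
        return builder.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        var origin = new Uri("https://mywebsite.io"); // inputs below are constructed samples
        Console.WriteLine(Rewrite("http://internal-web01:8080/orders?id=5", origin));
        Console.WriteLine(Rewrite("/orders?id=5", origin));
        Console.WriteLine(Rewrite("//other.example/x", origin));
        Console.WriteLine(Rewrite(null, origin));
    }
}
```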