Authenticate with Azure AD using ASP.NET Core 2 from behind Corporate Proxy
I have an ASP.NET Core 2 application which I am trying to authenticate with Azure AD using OpenId. I just have boilerplate code from selecting Single Organization Authentication in the ASP.NET Core 2 templates, so no custom code. I followed the article here.

The app is not able to get metadata from the Azure AD application because of the proxy. The same URL returns data if I just paste it in a browser.

The error I get is:

    HttpRequestException: Response status code does not indicate success: 407 (Proxy Authentication Required).
    System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()

    IOException: IDX10804: Unable to retrieve document from: 'https://login.microsoftonline.com/my-tenant-id/.well-known/openid-configuration'.
    Microsoft.IdentityModel.Protocols.HttpDocumentRetriever+d__8.MoveNext()

I have another ASP.NET 4.5.2 application where I am able to perform authentication with the same Azure AD app as above after setting the proxy in code like below:

    System.Net.HttpWebRequest.DefaultWebProxy = new WebProxy
    {
        Address = new Uri("http://my-company-proxy:8080"),
        Credentials = new NetworkCredential
        {
            UserName = "proxyusername",
            Password = "proxypassword"
        }
    };

So essentially my problem is to get past the proxy authentication in ASP.NET Core 2.

I have tried the Microsoft.AspNetCore.Proxy package. It's pretty much broken and doesn't work for me. Also I tried adding the proxy entries in machine.config (which are actually not required for the 4.5.2 app) but that doesn't work either. I believe getting past a corporate proxy should be very trivial, but it doesn't look like it so far.

Compost answered 2/4, 2018 at 22:14 Comment(0)
10

Tratcher's comment pointed me in the right direction and I got it working, but just to help everyone with it, below is what you need to do:

    // Route the OpenID Connect backchannel (metadata and token requests) through the proxy.
    builder.AddOpenIdConnect(options => options.BackchannelHttpHandler = new HttpClientHandler
    {
        UseProxy = true,
        Proxy = new WebProxy
        {
            Credentials = new NetworkCredential
            {
                UserName = "myusername",
                Password = "mypassword"
            },
            Address = new Uri("http://url:port")
        }
    });

Compost answered 3/4, 2018 at 14:37 Comment(2)
Thank you! I'm behind a corporate proxy and this worked for me. In my case I omitted the Credentials property as our proxy uses Windows Authentication and my IIS Express process is running as me. - Crispy
I needed to bypass the proxy so used this, but set UseProxy to false. - Swiss
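
The three variants from the answer and comments above (explicit credentials, Windows Authentication, bypass) driven by configuration instead of string literals in source, as an added example that is not part of the original thread. The class name BackchannelProxy and the "Proxy" configuration keys (Enabled, Address, UserName, Password) are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using Microsoft.Extensions.Configuration;

public static class BackchannelProxy
{
    // Builds the handler for OpenIdConnectOptions.BackchannelHttpHandler from a
    // hypothetical "Proxy" configuration section (Enabled, Address, UserName, Password).
    public static HttpClientHandler CreateHandler(IConfiguration configuration)
    {
        IConfigurationSection proxy = configuration.GetSection("Proxy");

        // Enabled missing or false: bypass the proxy for metadata and token requests.
        if (!bool.TryParse(proxy["Enabled"], out bool enabled) || !enabled)
        {
            return new HttpClientHandler { UseProxy = false };
        }

        // Fail at startup on a missing or malformed address, not at first sign-in.
        if (!Uri.TryCreate(proxy["Address"], UriKind.Absolute, out Uri address))
        {
            throw new InvalidOperationException("Proxy:Address must be an absolute URI.");
        }

        var webProxy = new WebProxy(address);
        string userName = proxy["UserName"];
        if (string.IsNullOrEmpty(userName))
        {
            // No explicit account: authenticate to the proxy as the process
            // identity (Windows Authentication).
            webProxy.UseDefaultCredentials = true;
        }
        else
        {
            // The password comes from configuration (user secrets, environment
            // variables or a vault provider), not from a literal in source.
            webProxy.Credentials = new NetworkCredential(userName, proxy["Password"]);
        }

        return new HttpClientHandler { UseProxy = true, Proxy = webProxy };
    }
}

// In the OpenID Connect registration (Configuration is the app's IConfiguration):
//   builder.AddOpenIdConnect(options =>
//       options.BackchannelHttpHandler = BackchannelProxy.CreateHandler(Configuration));
```
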
0

In the full .NET Framework, setting up a proxy is done using a config setting entry, but to use an HTTP proxy in .NET Core, you have to implement the IWebProxy interface.

Microsoft.AspNetCore.Proxy is proxy middleware which serves a different purpose (to set up a reverse proxy), not as an HTTP proxy. Refer to this article for more details.

To implement a web proxy in .NET Core:

    using System;
    using System.Net;
    using System.Net.Http;

    public class MyHttpProxy : IWebProxy
    {
        public MyHttpProxy(string proxyUri)
        {
            // Here you can load it from your custom config settings
            this.ProxyUri = new Uri(proxyUri);
        }

        public Uri ProxyUri { get; set; }

        public ICredentials Credentials { get; set; }

        public Uri GetProxy(Uri destination)
        {
            return this.ProxyUri;
        }

        public bool IsBypassed(Uri host)
        {
            // You can proxy all requests or implement bypass URLs based on config settings
            return false;
        }
    }

    var config = new HttpClientHandler
    {
        UseProxy = true,
        Proxy = new MyHttpProxy("http://my-company-proxy:8080") // placeholder address
    };

    // Then you can simply pass the config to HttpClient
    var http = new HttpClient(config);

Check out https://msdn.microsoft.com/en-us/library/system.net.iwebproxy(v=vs.100).aspx

Sheng answered 3/4, 2018 at 5:32 Comment(3)
The WebProxy class should be adequate, no need for a custom implementation. - Ellissa
Once you get your proxy settings worked out from the code above you can assign them to the OpenIdConnectOptions.Backchannel. - Ellissa
Thanks guys. Like Tratcher mentioned, I didn't need to implement my own proxy. The key was to assign an HttpClientHandler (which also can hold an instance of WebProxy) to OpenIdConnectOptions.BackchannelHttpHandler. I was stuck because I thought I had no way to pass an HttpClientHandler since the HttpClient creation is internal to the OpenId middleware. So Tratcher's above comment answers my question. - Compost
