Reputation: 678
We're trying to deploy IdentityServer4 behind a reverse proxy. The discovery document returns local URLs, e.g.
https://xxx.local/connect/token
Where we need
https://xxx.domain.com/connect/token
The IdentityServer docs point us to this GitHub page. However, when we configure the middleware as described, we see no changes.
    var options = new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    };
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
    app.UseForwardedHeaders(options);
A similar setup is found on this GitHub page. The presented solution uses nginx, so perhaps our IIS config is off.
In IIS for the proxy:
    <serverVariables>
        <set name="HTTP_X_ORIGINAL_REMOTE_ADDR" value="{REMOTE_ADDR}" />
        <set name="HTTP_X_FORWARDED_PROTO" value="https" />
    </serverVariables>
Any help would be appreciated.
Upvotes: 3
Views: 5011
Reputation: 103
Update for 2020 (IdentityServer4 v4.x): PublicOrigin property was removed.
See: https://github.com/IdentityServer/IdentityServer4/issues/4535
Upvotes: 5
Reputation: 395
Inside the IDS startup, where you initiate IDS, try the following code:
    var builder = services.AddIdentityServer(options =>
    {
        ...
        options.PublicOrigin = "https://domainName.com"; // <= try adding this!
        ...
    });
This will force your discovery endpoint to be your public IP. Let me know if that works. I
Upvotes: 5
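Added example, not part of either answer or of the IdentityServer4 project's own code: a startup that makes the discovery URLs follow the proxy's public host on v4.x, where PublicOrigin no longer exists, while trusting forwarded headers only from the proxy rather than clearing the known-proxy lists. It assumes the proxy sends X-Forwarded-Host and X-Forwarded-Proto; the proxy address 10.0.0.5 is constructed, and the UseFixedOrigin switch is a hypothetical name for the fallback that pins the origin with SetIdentityServerOrigin.

```csharp
using System.Net;
using IdentityServer4.Extensions;            // SetIdentityServerOrigin (IdentityServer4 v4.x)
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumptions for this example: replace with your own values.
    private const string PublicHost = "xxx.domain.com"; // public host name from the question
    private const string ProxyIp = "10.0.0.5";          // constructed address of the IIS proxy
    private static readonly bool UseFixedOrigin = false; // true if the proxy cannot send the headers

    public void ConfigureServices(IServiceCollection services)
    {
        // Clients, resources and signing key go on this builder as in your existing setup.
        services.AddIdentityServer();

        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // X-Forwarded-Host is what replaces Request.Host; For/Proto alone leave the host local.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                                     | ForwardedHeaders.XForwardedProto
                                     | ForwardedHeaders.XForwardedHost;

            // Trust the headers only from the proxy. Clearing KnownProxies/KnownNetworks
            // instead would accept them from any client that can reach the app.
            options.KnownProxies.Add(IPAddress.Parse(ProxyIp));

            // Accept only the expected public name in X-Forwarded-Host.
            options.AllowedHosts.Add(PublicHost);
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before IdentityServer so the rewritten scheme and host reach the discovery document.
        app.UseForwardedHeaders();

        if (UseFixedOrigin)
        {
            // Pins the origin regardless of what the request headers say.
            app.Use(async (context, next) =>
            {
                context.SetIdentityServerOrigin("https://" + PublicHost);
                await next();
            });
        }

        app.UseIdentityServer();
    }
}
```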