CODEWITHSUNDEEP
asp.netasp.net-mvciis-7owinreverse-proxy
Malyngo
Malyngo

Reputation: 893

ASP.NET MVC application behind reverse proxy - using wrong host name after auth

I have an ASP.NET MVC application using OWIN authentication that is running behind a reverse proxy.

The authentication in ASP.NET is set up like this:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });

The reverse proxy in iis is setup like this in the web.config:

<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true"/>
    <rewrite>
            <rule name="proxy" stopProcessing="true">
                <match url="^app/?(.*)" />
                <serverVariables>
                    <set name="X_REQUESTED_URL_PATH" value="{R:1}" />
                </serverVariables>
                <action type="Rewrite" url="https://myapp.mydomain.toplevel/app/{R:1}" />
            </rule>
    </rewrite>
<system.webServer>

The reverse proxy is hosted at https://www.mydomain.toplevel/app/{R:1}

Everything is working fine, RedirectToAction will redirect to www.mydomain.toplevel.

But when I try to open a controller with the AuthenticationAttribute, the redirect will go to https://myapp.mydomain.toplevel/account/login instead of www.mydomain.toplevel

How can I configure this that my application stays behind the reverse proxy, even when the auth redirect is happening? As a first workaround, I tried to hardcode the LoginPath with the hostname in front, but this will give an error that the path should start with a /.

Upvotes: 3

Views: 1577

Answers (1)

Malyngo
Malyngo

Reputation: 893

Turns out this is quite easy to fix. I just implemented my own OnApplyRedirect method on the AuthenticationProvider:

var provider = new CookieAuthenticationProvider
{
    // ..
};

provider.OnApplyRedirect = context =>
{
    UrlHelper _url = new UrlHelper(System.Web.HttpContext.Current.Request.RequestContext);
    String actionUri = _url.Action("Login", "Account", new { ReturnUrl = context.Request.Uri.PathAndQuery });
    context.Response.Redirect(actionUri);
};

Upvotes: 2

Related Questions