From f598b78ecb74500b0f271709dd707338789a0a95 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Fri, 21 Jul 2017 12:53:26 -0400
Subject: [PATCH] UseForwardedHeadersForAzure
---
 src/Api/Startup.cs | 8 +++++++-
 src/Billing/Startup.cs | 7 +++++++
 src/Core/Core.csproj | 1 +
 .../Utilities/ServiceCollectionExtensions.cs | 17 +++++++++++++++++
 src/Identity/Startup.cs | 7 +++++++
 5 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index c6efdb5e60..a2a21fa093 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -150,6 +150,12 @@ namespace Bit.Api
 })
 .AddDebug();
+ // Forwarded headers
+ if(!env.IsDevelopment())
+ {
+ app.UseForwardedHeadersForAzure();
+ }
+
 // Rate limiting
 app.UseMiddleware();
@@ -173,7 +179,7 @@ namespace Bit.Api
 app.UseMvc();
 }
- private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
+ private IdentityServerAuthenticationOptions GetIdentityOptions(IHostingEnvironment env,
 string authority, string suffix)
 {
 var options = new IdentityServerAuthenticationOptions
diff --git a/src/Billing/Startup.cs b/src/Billing/Startup.cs
index 312a422142..9a6a47c255 100644
--- a/src/Billing/Startup.cs
+++ b/src/Billing/Startup.cs
@@ -10,6 +10,7 @@ using Bit.Core.Utilities;
 using Serilog.Events;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.AspNetCore.HttpOverrides;
 namespace Bit.Billing
 {
@@ -69,6 +70,12 @@ namespace Bit.Billing
 app.UseDeveloperExceptionPage();
 }
+ // Forwarded headers
+ if(!env.IsDevelopment())
+ {
+ app.UseForwardedHeadersForAzure();
+ }
+
 app.UseMvc();
 }
 }
diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
index fbd297beda..656f530935 100644
--- a/src/Core/Core.csproj
+++ b/src/Core/Core.csproj
@@ -44,6 +44,7 @@
+
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index ad710a82fe..9ab5624eb9 100644
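Review bot: The `if(!env.IsDevelopment())` gate in the first hunk of src/Api/Startup.cs enables `UseForwardedHeadersForAzure()` in every non-Development environment, not only where the app really sits behind the Azure front end; the same gate is repeated in src/Billing/Startup.cs and src/Identity/Startup.cs. The helper added in this patch clears the known-proxy lists, so a deployment that clients can reach directly would take the client address and scheme from request headers, and here the call sits immediately before the rate-limiting middleware, which presumably keys on that address. Consider gating on an explicit hosting setting rather than the environment name, and add a comment such as `// Must run before rate limiting; only valid when all traffic arrives via the Azure front end.` The enclosing method starts and ends outside the hunk.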
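Review bot: The added `using Microsoft.AspNetCore.HttpOverrides;` in src/Billing/Startup.cs looks unused: the only new call in this file, `app.UseForwardedHeadersForAzure()`, is an extension from `Bit.Core.Utilities`, which is already imported, and no HttpOverrides type is referenced in the visible hunks. The same applies to the directive added in src/Identity/Startup.cs. If nothing outside the hunks needs it, drop the line in both files so the Startup classes do not suggest they configure forwarding themselves.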
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -8,8 +8,10 @@ using IdentityModel;
 using IdentityServer4.Services;
 using IdentityServer4.Stores;
 using IdentityServer4.Validation;
+using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -170,5 +172,20 @@ namespace Bit.Core.Utilities
 services.AddSingleton(s => globalSettings);
 return globalSettings;
 }
+
+ public static void UseForwardedHeadersForAzure(this IApplicationBuilder app)
+ {
+ // ref: https://github.com/aspnet/Docs/issues/2384
+ var forwardOptions = new ForwardedHeadersOptions
+ {
+ ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
+ RequireHeaderSymmetry = false
+ };
+
+ forwardOptions.KnownNetworks.Clear();
+ forwardOptions.KnownProxies.Clear();
+
+ app.UseForwardedHeaders(forwardOptions);
+ }
 }
 }
diff --git a/src/Identity/Startup.cs b/src/Identity/Startup.cs
index 3d24542ea4..e6261e105e 100644
--- a/src/Identity/Startup.cs
+++ b/src/Identity/Startup.cs
@@ -7,6 +7,7 @@ using Microsoft.Extensions.Configuration;
 using Bit.Core;
 using Bit.Core.Utilities;
 using Serilog.Events;
+using Microsoft.AspNetCore.HttpOverrides;
 namespace Bit.Identity
 {
@@ -72,6 +73,12 @@ namespace Bit.Identity
 .AddConsole()
 .AddDebug();
+ // Forwarded headers
+ if(!env.IsDevelopment())
+ {
+ app.UseForwardedHeadersForAzure();
+ }
+
 // Add IdentityServer to the request pipeline.
 app.UseIdentityServer();
 }
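Review bot: `forwardOptions.KnownNetworks.Clear()` and `forwardOptions.KnownProxies.Clear()` in `UseForwardedHeadersForAzure` remove the middleware's check on who sent the headers, so `X-Forwarded-For` and `X-Forwarded-Proto` are honoured from any peer that can connect. That is sound only while the app is unreachable except through the Azure front end, and the method carries only an issue link rather than stating that precondition. Add an XML doc summary saying the default allow-lists are cleared because the front end is not a loopback proxy and that the method must not be used where clients can reach the app directly, and consider writing `ForwardLimit = 1` explicitly in the initializer so the single-hop assumption is visible. Anything that later reads `Connection.RemoteIpAddress` or `Request.Scheme` (rate limiting, audit logging, HTTPS checks) inherits that trust.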