Properly configure forwarded headers in ASP.NET Core

Whenever we are using a proxy server like nginx or IIS, we will run into problems when we need to find the exact IP that is calling into our service. Basically, what happens under a proxy is that our app doesn’t directly receive requests from outside, but from the proxy server itself.

We will notice that if we try to get the remote IP address like in the below example:

HttpContext.Connection.RemoteIpAddress

We’ll end up with the same IP every time (eg. 10.0.0.144). So the solution is to use forwarded headers feature which is implemented in ASP.NET Core.

What is a forwarded header?

Like shown above, a forwarded header will help the application to determine which is the original IP that sent the request. It’s up to the proxy server to set up the headers correctly. We have a couple of headers:

  1. X-Forwarded-Host – the original host name
  2. X-Forwarded-Proto – the original scheme (http or https)
  3. X-Forwarded-For – the original IP

In the majority of situations, we will need the X-Forwarded-For, which is the most important.

Configure forwarded headers in ASP.NET Core

Configuring the forwarded headers in ASP.NET Core is pretty straightforward. Thanks why we can call them straight-forwarded headers
๐Ÿ˜‚

Cool so to configure a straight-forwarded header we don’t need to add a new NuGet package, just add the right configuration and middleware to our Startup.cs file like so:

public void ConfigureServices(IServiceCollection services)
{
    services.Configure(options =>
    {
         options.ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All;
    }
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseForwardedHeaders();
}

However, there is a small trick here that took me 2 days to solve. It’s not enough just to enable them, but you also have to supply a known proxy IP or known network for it to work as it should. Doing so will prevent IP spoofing attacks. The elegant solution is to add a configuration section in appsettings.json with the known proxy IPs:

{
  "KnownProxies": [
    "10.0.0.144"
  ]
}

And then use it in ConfigureServices method:

services.Configure(options =>
{
      options.ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All;

      foreach (var proxy in Configuration.GetSection("KnownProxies").AsEnumerable().Where(c => c.Value != null))
      {
           options.KnownProxies.Add(IPAddress.Parse(proxy.Value));
      }
});

And that’s quite about it. It’s now up to you to determine which is the local proxy IP address to configure correctly.

Hope this article helps to understand more about straight-forwarded headers and how they work.

Thanks for reading, I hope you found this article useful and interesting. If you have any suggestions don’t hesitate to contact me. I also invite you to share and subscribe to the newsletter by using the buttons below! Cheersย ย ๐Ÿ˜‰

How useful was this post?

Click on a star to rate it!

Average rating / 5. Vote count:

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Leave a Reply

avatar
  Subscribe  
Notify of