0

I'm using IdentityModel.AspNetCore to manage client access tokens in a background service. Access to the internet is only possible through a corporate proxy server which uses windows authentication.

The proxy server is configured in Windows options and the background service detects the settings, however authentication doesn't work and I'm constantly getting The proxy tunnel request to proxy 'http://proxy:8080/' failed with status code '407'. How can I configure the HttpClient to use the windows credentials for authentication against the proxy server?

I've already tried the following, but this doesn't work:

        services.AddAccessTokenManagement(options =>
        {
            options.Client.Clients.Add("sapci", new ClientCredentialsTokenRequest
            {
                Address = hostContext.Configuration["HttpProxy:TokenEndpoint"],
                ClientId = hostContext.Configuration["HttpProxy:ClientId"],
                ClientSecret = hostContext.Configuration["HttpProxy:ClientSecret"],
                GrantType = OidcConstants.GrantTypes.ClientCredentials,
                AuthorizationHeaderStyle = BasicAuthenticationHeaderStyle.Rfc2617,
                ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader
            });
        })
        .ConfigureBackchannelHttpClient(client => new HttpClient(new HttpClientHandler()
        {
            DefaultProxyCredentials = CredentialCache.DefaultCredentials,
        }));
4

1 回答 1

0

我相信您可以在应用程序启动时执行此操作,以确保您捕获所有客户端使用情况:

HttpClient.DefaultProxy = new WebProxy()
{
  Credentials = CredentialCache.DefaultCredentials
}:

我会将您的问题减少为部署一个最小的控制台应用程序并使用与您的服务相同的用户帐户等运行它。一旦这样做,您的主应用程序也将起作用。

有时这些事情也与基础设施相关:例如,在过去,在 IIS 集群环境中,我不得不使用服务帐户并注册服务主体名称,例如,以防止使用计算机帐户。我怀疑这与 .Net Core / Kestrel 有关,我假设您正在使用它。

于 2022-03-04T15:17:21.263 回答