I am building an API gateway (implemented using ProxyKit) that sits between a web client and a web API server. The API gateway may forward the client's requests to the web API based on some routing condition, and under the client's identity. To fulfill this, the API gateway needs to impersonate the client and send the requests on the client's behalf. I implemented the impersonation as a middleware that lies between the client and the IIS in which the API gateway is deployed. In particular, in the Configure method, I added the following code:

    app.Use(async (context, next) =>
    {
        var user = (WindowsIdentity)context.User.Identity;
        await WindowsIdentity.RunImpersonated(user.AccessToken, async () =>
        {
            await next();
        });
    });
    app.Map("/api/", app1 =>
    {
        app1.RunProxy(ctx => ctx
            .ForwardTo("https://server1/api/")
            .AddXForwardedHeaders()
            .Send());
    });

However, the program crashes with error 503: localhost is currently unable to handle this request. The program works fine if there is no impersonation, i.e., removing RunImpersonated. Can someone give me a hint on how to solve this problem? I use ASP.NET Core 2.2.
Unfortunately, I could not find any solutions on the internet. There are some discussions on this issue, but they either focus on ASP.NET Framework or on old versions of ASP.NET Core, which do not apply to my case. Some people managed to get the impersonation to work, but they only present their use case where RunImpersonated is used in a synchronous manner, which is not useful to me, because I have to use asynchronous Invoke to delegate the request to the web API server.
The error I got was: "This page isn’t working. localhost is currently unable to handle this request. HTTP ERROR 503"