0

Per https://github.com/microsoft/reverse-proxy/issues/166#issuecomment-1267355264 it is possible to authenticate using the default network credentials cache when a server forwards a request through YARP.

(That is, it is possible to authenticate using credentials stored on the server; a user logging in through a proxy is confirmed not to be supported.)

But how to actually configure this?

The docs suggest that I can add a "WebProxy" block to my network configuration file, to which I can add a "UseDefaultCredentials" parameter:

      "MyCluster": {
        "Destinations": {
          "mydest": {
            "Address": "https://example.com",
            "UseDefaultCredentials": "true"
          }
        },
        "HttpClient": {
          "WebProxy": {
            "Address": "??? what goes here?",
            "UseDefaultCredentials": "true"
          }
        }
      },

But the question is in the code: what exactly is the address supposed to be for the outgoing web proxy? Is this separate from the URLs in the destinations section? What if there is more than one destination?

I have tried:

  • Specifying HttpClient.WebProxy.UseDefaultCredentials and leaving HttpClient.WebProxy.Address blank (not respected, still get a request for authentication)
  • Specifying both HttpClient.WebProxy.UseDefaultCredentials and HttpClient.WebProxy.Address, removing the "Destinations" section entirely (503 Service not configured)
Mattias Martens
  • 1,369
  • 14
  • 16

0 Answers0