Open Closed

Ip address in audit logs not client's ip address #7304


User avatar
0
rogercprops created
  • ABP Framework version: v7.2.
  • UI Type: MVC / Vue
  • Database System: EF Core SQL Server
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace: N/A
  • Steps to reproduce the issue:

We have implemented a microservices architecture using the ABP Commercial Microservice template. The architecture is pretty close to the Abp diagram here https://docs.abp.io/en/commercial/7.2/startup-templates/microservice/index with a few notable exceptions.

  • We're not using a public gateway or application
  • We have a Vue js 3 front end application that authenticates the user through the authserver using the Authorization code flow
  • We have a couple of other applications that authenticate the user through the authserver using the Client credentials grant
  • The Vue application and external applications access the microservices via API calls through the gateway (we use Postman to test the external application API calls)

The backend applications and gateway are running in a single Azure Kubernetes cluster. The IP address of the gateway pod is 10.1.1.21.

Regardless of which application is executing the microservice method, it appears that the IP address is address for the gateway AKS pod. The expected result would be for the IP Address to be the external IP from the user's machine. (See screenshots from the audit log below). Is this a defect or is there something we need to configure on our end?

Web MVC app

Vue App

Postman calling microservice API via gateway


7 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Maybe you need this https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balance

  • User Avatar
    0
    rogercprops created

    Could you please be more specific. Maybe I need what and where?

    There are multiple topics covered in the link you provided.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    You need to configure the Forward header.

    https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-8.0#forwarded-headers-middleware-order

  • User Avatar
    0
    rogercprops created

    Since this is C# code it's obvious in goes in a .net application. Is that in the front-end application, the ocelot gateway application or the microservice.

    If it's in the front end application that won't work for us since we're using Vue for the front-end and using microservices for the backend.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You should add it to the backend code

  • User Avatar
    0
    rogercprops created

    Hi,

    I updated the program.cs in the web-gateway and in the HttpApi.Host program.cs in one of the microservices. The log is still showing the ip address of the web-gateway pod.

    This is the code in the HttpApi.Host program.cs

    \`\*\*using System;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Microsoft.AspNetCore.HttpOverrides;
    using CprOnAbp.Shared.Hosting.AspNetCore;
    using Serilog;
    
    namespace CprOnAbp.ClientService;
    
    public class Program
    {
    public async static Task Main(string[] args)
    {
    var assemblyName = typeof(Program).Assembly.GetName().Name;
    
    
        SerilogConfigurationHelper.Configure(assemblyName);
    
        try
        {
            Log.Information($"Starting {assemblyName}.");
            var builder = WebApplication.CreateBuilder(args);
            
            builder.Services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
            ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
    
    
            builder.Host
                .AddAppSettingsSecretsJson()
                .UseAutofac()
                .UseSerilog();
    
            await builder.AddApplicationAsync<ClientServiceHttpApiHostModule>();
    
            var app = builder.Build();
    
            app.UseForwardedHeaders();
    
            await app.InitializeApplicationAsync();
            await app.RunAsync();
            return 0;
        }
        catch (Exception ex)
        {
            Log.Fatal(ex, $"{assemblyName} terminated unexpectedly!");
            return 1;
        }
        finally
        {
            Log.CloseAndFlush();
        }
    }
    
    }
    \*\*\`
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Please configure it in the ClientServiceHttpApiHostModule class

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09