0

I am using nginx as reverse proxy for my asp.net core web application. I am using spnego module for nginx for supporting of windows integrated authentication. It is works, but if user enters incorrect credentials, credentials is not prompted again? instead of server send response "401 Authorization Required". How can I fix this?

nginx config:
server {
    listen       80;
    server_name  irm-nginx.irm.local;
    auth_gss on;
    auth_gss_realm IRM.LOCAL;
    auth_gss_format_full on;
    auth_gss_keytab /etc/nginx/user.keytab;
    auth_gss_service_name HTTP/irm-nginx.irm.local;

    location / {
        #root   /usr/share/nginx/html;
        #index  index.html index.htm;
        proxy_pass http://irmweb:80;
        proxy_http_version  1.1;
        proxy_cache_bypass  $http_upgrade;
        proxy_set_header Upgrade        $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-User $remote_user;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
DarkGenius
  • 101
  • 1

1 Answers1

0

You could use a variable and some checks that bypass the cache on POST or certain pages. For example:

In your server block:

# Caching
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
        set $no_cache 1;
}
if ($query_string != "") {
  set $skip_cache 1;
}

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
  set $skip_cache 1;
}

Then in your location block where you enable caching add the following:

fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;

The example above works for WordPress but you could adapt it to work with your application.

BullShark
  • 1
  • 1