System.Webserver同时重写并确保安全

Question

I'm serving Confluence through IIS to end user, here is web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <security>
            <requestFiltering allowDoubleEscaping="True" />
        </security>
        <rewrite>
            <rules>
                <rule name="RewriteUserFriendlyURL" stopProcessing="false">
                    <match url="\+" />
                    <conditions>
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="{UrlDecode:{REQUEST_URI}}" />
                </rule>
                <rule name="inbound" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8090/{R:1}" />
                </rule>
            </rules>
        </rewrite>
        <handlers>
            <remove name="WebServiceHandlerFactory-ISAPI-2.0-64" />
            <remove name="WebServiceHandlerFactory-ISAPI-2.0" />
            <remove name="PageHandlerFactory-ISAPI-2.0" />
            <remove name="PageHandlerFactory-ISAPI-2.0-64" />
            <remove name="PageHandlerFactory-Integrated" />
            <remove name="WebServiceHandlerFactory-Integrated" />
            <remove name="SimpleHandlerFactory-ISAPI-2.0-64" />
            <remove name="SimpleHandlerFactory-ISAPI-2.0" />
            <remove name="SimpleHandlerFactory-Integrated" />
            <remove name="CGI-exe" />
            <remove name="ISAPI-dll" />
        </handlers>
    </system.webServer>
</configuration>

Confluence runs in it's own process on port 8090 What I want is somehow add confluence as a subfolder to another site so it goes to:

site.com/confluence

site.com is ASP.NET website. I'd like to password-protect /confluence folder.

So, if user logged in to site.com (ASP.NET Membership provider) - they get access to /confluence folder.

Is this possible and how this should be done?

Answer 1

What you are asking for is Delegated Authentication of a IIS Reverse Proxy.

This is technically possible.

You don't want to do this. Because you would need to use ASP.Net authentication to view the website. But then you also need to log in using your confluence log in.

You actually want to use

• IIS Reverse Proxy/Application Request Routing (this puts the Confluence website in the "subfolder")
• Single Sign-on Integration with ASP.Net Membership.

https://confluence.atlassian.com/kb/single-sign-on-integration-with-the-atlassian-stack-794495126.html

With this solution, Confluence uses Crowd to connect to ASP.Net using OpenID.

I recommend using IdentityServer to expose your ASP.Net Membership Provider to the OpenID api.