How can I configure my .NET app to use Azure Firewall proxy in explicit mode?

Gareth Wynn 0 Reputation points
2024-04-08T11:32:22.5433333+00:00

I'm trying to use Azure Firewall in explicit proxy mode to test that my .NET app works when configured with a proxy. The .NET app uses the WebProxy class to configure the HttpClient: https://learn.microsoft.com/en-us/dotnet/api/system.net.webproxy?view=net-8.0

The WebProxy class specifies a Uri as the proxy host however, The Azure Firewall configures separate HTTP and HTTPS ports. You can see it in the documentation here: https://learn.microsoft.com/en-us/dotnet/api/system.net.webproxy?view=net-8.0

I can make this work for requests from the web browser in the Windows proxy settings by setting the proxy host like this: http=10.10.10.132:8080;https=10.10.10.132:8443

See the guide in this post for more details on that: https://techcommunity.microsoft.com/t5/azure-network-security-blog/demystifying-explicit-proxy-enhancing-security-with-azure/ba-p/3873445

That works fine for requests coming from the browser. The problem is that my .NET app runs as a service account and so doesn't use those rules hence trying to use WebProxy to provide a way for the details to be configured in the application itself.

WebProxy only supports specifying the http address and that doesn't seem to work with Azure Firewall. Is there another way? Is this just a limitation of the Azure Firewall or the WebProxy? I realise that this explicit mode is still in preview but it seemed like a convenient way of setting up a proxy on Azure for testing purposes.

Thanks!

Gareth

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,390 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
570 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Monalla-MSFT 11,646 Reputation points
    2024-04-08T13:54:50.2866667+00:00

    @Gareth Wynn - Welcome to Microsoft Q&A and thanks for reaching out to us .

    The WebProxy class in .NET specifies a Uri as the proxy host, but Azure Firewall configures separate HTTP and HTTPS ports. You are correct that WebProxy only supports specifying the http address and that doesn't seem to work with Azure Firewall. One way to work around this limitation is to use a custom implementation of the IWebProxy interface. You can create a class that implements the IWebProxy interface and use it to specify the proxy settings for your .NET app.

    Please see below for a sample implementation of the IWebProxy interface that you can use as a starting point:

    public class AzureFirewallWebProxy : IWebProxy { private readonly Uri _proxyUri; public AzureFirewallWebProxy(Uri proxyUri) { _proxyUri = proxyUri; } public ICredentials Credentials { get; set; } public Uri GetProxy(Uri destination) { return _proxyUri; } public bool IsBypassed(Uri host) { return false; } }

    You can then use this class to configure the proxy settings for your HttpClient:

    var proxyUri = new Uri("http://10.10.10.132:8080"); 
var proxy = new AzureFirewallWebProxy(proxyUri);
 var httpClientHandler = new HttpClientHandler 
{ 
Proxy = proxy, 
UseProxy = true 
}; 
var httpClient = new HttpClient(httpClientHandler);

    This should allow you to use Azure Firewall in explicit proxy mode with your .NET app. Let me know if you have any further questions or concerns.

    Hope this helps. and please feel free to reach out if you have any further questions.

    Please don't forget to "Accept as Answer" and click "Yes" if the above response is helpful, so it can be beneficial to the community.