I've been banging my head on this for a while.
I have an ASP.NET Core 3.1 web app running on an Azure App Service. The web app has Azure AD authentication set up, with forwarded headers.
Here's the ConfigureServices:

    services.Configure<ForwardedHeadersOptions>(options =>
    {
        options.ForwardedHeaders =
            ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    });

    services
        .AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options =>
        {
            Configuration.Bind("AzureAd", options);
        });

And here's the Configure:

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseForwardedHeaders();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseForwardedHeaders();
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseSpaStaticFiles();
    app.UseRouting();
    app.UseCors(Configuration["AllowedHosts"]);
    app.UseAuthentication();
    app.UseAuthorization();

I'm using an Azure Application Gateway as a reverse proxy. The problem occurs in the authentication flow. Once authenticated, the redirect_uri provided in the URL is the *.azurewebsites.net address and not the one I configured in the App Gateway, *.mydomain.com. Further investigation reveals the following headers are provided to the App Service in a request:
X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443
X-Forwarded-For: ***IP ADDR OF APP GATEWAY***
X-Original-URL: ***
X-ORIGINAL-HOST: *.mydomain.com
X-ARR-SSL: 2048|256|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5|CN=*.azurewebsites.net
X-AppService-Proto: https
X-Forwarded-TlsVersion: 1.2
What else do I need to tell my backend app to use the forwarded headers (in my case, X-ORIGINAL-HOST seems to be the only one containing the actual requesting host)? This seems like a pretty straightforward use case. Thanks in advance for the help.
In your HTTP Settings under Hostname settings, mention *.domain.com. If you make that change, make sure you have configured the Backend with the custom domain.
Regards, Msrini
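
For the backend side of the question, the following is an added example (not code from the original post or from the answer) of pointing the forwarded-headers middleware at the X-Original-Host header shown in the header dump, while restricting which hosts and which senders it will accept. Assumptions: `10.0.1.0/24` is a constructed placeholder for whatever address range the app actually sees as its immediate peer, `X-Backend-Host` is a constructed header name, and `*.mydomain.com` is the question's own placeholder.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Process the forwarded host as well as client IP and scheme.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                                     | ForwardedHeaders.XForwardedProto
                                     | ForwardedHeaders.XForwardedHost;

            // Read the host from the header the gateway sends
            // instead of the default X-Forwarded-Host.
            options.ForwardedHostHeaderName = "X-Original-Host";

            // The middleware saves the pre-rewrite Host under
            // OriginalHostHeaderName, which defaults to X-Original-Host.
            // Use a different (constructed) name so the two do not collide.
            options.OriginalHostHeaderName = "X-Backend-Host";

            // Only accept forwarded hosts under the expected domain; an empty
            // list accepts any value, which lets a client-supplied header
            // decide the host used to build redirect_uri.
            options.AllowedHosts.Add("*.mydomain.com");

            // Only honour the headers when the request comes from a trusted
            // proxy range (assumed placeholder, replace with your own).
            options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("10.0.1.0"), 24));
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before anything that builds absolute URLs (authentication).
        app.UseForwardedHeaders();

        // Temporary check: echo the scheme and host the app now believes it has.
        app.Run(ctx => ctx.Response.WriteAsync(
            $"{ctx.Request.Scheme}://{ctx.Request.Host}"));
    }
}
```

If the echoed host is still the *.azurewebsites.net name, the sender was not inside `KnownNetworks`/`KnownProxies` or the host did not match `AllowedHosts`, and the middleware left the request unchanged.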