This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

BuildRedirectUri doesn't work for *.azurewebsites.net #853

Closed
clairernovotny opened this issue May 31, 2016 · 4 comments

@clairernovotny

When trying to use OIDC in a dev/test instance on Azure Websites using the default wildcard cert (*.azurewebsites.net), it seems the Request.Scheme is coming in wrong. I assume this is because Azure is terminating the connection.

I have already tried

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All
    });

But that doesn't work either. The redirect URI is generated as HTTP instead of HTTPS. There needs to be a better way of overriding the hostname/scheme as that's easy to set in configuration per environment.

@vcsjones

Where in the pipeline is UseForwardedHeaders being set? Should be as far up in the pipeline as possible.

@clairernovotny
Author

It's near the top:

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
        {
            loggerFactory.AddConsole(Configuration.GetSection("Logging"));
            loggerFactory.AddDebug();

            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseBrowserLink();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }

            app.UseForwardedHeaders(new ForwardedHeadersOptions
            {
                ForwardedHeaders = Microsoft.AspNetCore.HttpOverrides.ForwardedHeaders.All
            });

            app.UseStaticFiles();

            app.UseCookieAuthentication();

            app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
            {
                ClientId = Configuration["Authentication:AzureAd:ClientId"],
                ClientSecret = Configuration["Authentication:AzureAd:ClientSecret"],
                Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
                CallbackPath = Configuration["Authentication:AzureAd:CallbackPath"],                
                ResponseType = OpenIdConnectResponseTypes.CodeIdToken,
                SaveTokens = true,
                TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role",
                    SaveSigninToken = true
                }                
            });

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });

            Mapper.Initialize(config =>
            {
                config.CreateMap<ValidationRequestDto, ValidationRequest>()
                    .ReverseMap();
            });
        }

@kevinchalet
Contributor

Duplicate of aspnet/IISIntegration#140.

You can see this post for a workaround.

@clairernovotny
Author

Thanks, the fix of just using ForwardedHeaders.XForwardedProto worked for me. Closing.
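
Added example, not code from this thread or from the project: a `Startup` that applies the `ForwardedHeaders.XForwardedProto` setting reported to work above and logs the scheme before and after the forwarded-headers middleware, so the value the OIDC middleware will use for its redirect URI can be checked on the deployed instance. The logger name `SchemeCheck`, the `Items` keys and the `/signin-oidc` callback path are assumptions, as is the scheme + host + path base composition of the redirect URI.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole();
        var log = loggerFactory.CreateLogger("SchemeCheck"); // hypothetical logger name

        // 1. Capture what the front end delivered, before anything rewrites the request.
        app.Use(async (context, next) =>
        {
            context.Items["RawScheme"] = context.Request.Scheme;
            context.Items["RawProto"] = context.Request.Headers["X-Forwarded-Proto"].ToString();
            await next();
        });

        // 2. Honour only X-Forwarded-Proto. This must run before any middleware
        //    that reads Request.Scheme (cookies, OpenID Connect, MVC).
        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });

        // 3. Log the effective values and flag requests that would still
        //    produce an http:// redirect URI.
        app.Use(async (context, next) =>
        {
            var req = context.Request;
            var redirectUri = req.Scheme + "://" + req.Host + req.PathBase + "/signin-oidc"; // assumed CallbackPath
            log.LogInformation("raw scheme={Raw}, X-Forwarded-Proto={Proto}, effective scheme={Scheme}, redirect_uri={Uri}",
                context.Items["RawScheme"], context.Items["RawProto"], req.Scheme, redirectUri);
            if (!req.IsHttps)
            {
                log.LogWarning("Request still seen as plain HTTP; the redirect URI will not match an https registration.");
            }
            await next();
        });

        // 4. app.UseCookieAuthentication() and app.UseOpenIdConnectAuthentication(...) belong here.
        app.Run(context => context.Response.WriteAsync("scheme: " + context.Request.Scheme));
    }
}
```

`X-Forwarded-Proto` is only trustworthy when the hosting front end sets or overwrites it, so the logged raw value should be treated as untrusted input when the app is reachable without that proxy in front.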
