excellalabs · SeanKilleen · Jun 5, 2020 · Jun 5, 2020
diff --git a/src/Konmaripo.Web/Konmaripo.Web/Startup.cs b/src/Konmaripo.Web/Konmaripo.Web/Startup.cs
@@ -7,6 +7,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.HttpsPolicy;
 using Microsoft.AspNetCore.Mvc.Authorization;
 using Microsoft.Extensions.Configuration;
@@ -26,11 +27,17 @@ public Startup(IConfiguration configuration)
         public IConfiguration Configuration { get; }
 
         // This method gets called by the runtime. Use this method to add services to the container.
+
         public void ConfigureServices(IServiceCollection services)
         {
+            ConfigureHackyHttpsEnforcement(services);
+
             IdentityModelEventSource.ShowPII = true;
             services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
-                .AddAzureAD(options => Configuration.Bind("AzureAd", options));
+                .AddAzureAD(options =>
+                {
+                    Configuration.Bind("AzureAd", options);
+                });
 
             services.AddControllersWithViews(options =>
             {
@@ -42,6 +49,27 @@ public void ConfigureServices(IServiceCollection services)
             services.AddRazorPages();
         }
 
+        /// <summary>
+        /// This is a workaround due to issues running in a Linux container with no reverse proxy in front of it.
+        /// In this situation, Azure AD authentication attempts to use a redirect URI that is http instead of https.
+        /// For more information: https://github.com/excellalabs/konmaripo/issues/10
+        /// </summary>
+        /// <param name="services"></param>
+        private void ConfigureHackyHttpsEnforcement(IServiceCollection services)
+        {
+            // HACK
+            services.Configure<ForwardedHeadersOptions>(options =>
+            {
+                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor |
+                                           ForwardedHeaders.XForwardedProto;
+                // Only loopback proxies are allowed by default.
+                // Clear that restriction because forwarders are enabled by explicit 
+                // configuration.
+                options.KnownNetworks.Clear();
+                options.KnownProxies.Clear();
+            });
+        }
+
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {