
ASP.NET Core app with Azure AD authentication behind a reverse proxy is setting the wrong redirect_uri

I've been banging my head on this for a while. I have an ASP.NET Core 3.1 web app running on an Azure App Service. The web app has Azure AD authentication set up, with forwarded headers. Here's the ConfigureService:

services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});

services
    .AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options =>
    {
        Configuration.Bind("AzureAd", options);
    });

And here's the Configure:

if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
    app.UseForwardedHeaders();
}
else
{
    app.UseExceptionHandler("/Error");
    app.UseForwardedHeaders();
    app.UseHsts();
}

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseSpaStaticFiles();

app.UseRouting();
app.UseCors(Configuration["AllowedHosts"]);
app.UseAuthentication();
app.UseAuthorization();

I'm using an Azure Application Gateway as a reverse proxy. The problem occurs in the authentication flow. Once authenticated, the redirect_uri provided in the URL is the *.azurewebsites.net address and not the one I configured in the App Gateway, *.mydomain.com. Further investigation reveals the following headers are provided to the App Service in a request:

X-FORWARDED-PROTO: https
X-FORWARDED-PORT: 443
X-Forwarded-For: ***IP ADDR OF APP GATEWAY***
X-Original-URL: ***
X-ORIGINAL-HOST: *.mydomain.com
X-ARR-SSL: 2048|256|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5|CN=*.azurewebsites.net
X-AppService-Proto: https
X-Forwarded-TlsVersion: 1.2

What else do I need to tell my backend app to use the forwarded headers (in my case, X-ORIGINAL-HOST seems to be the only one containing the actual requesting host)? This seems like a pretty straightforward use case. Thanks in advance for the help.

In your HTTP Settings under Hostname settings, mention *.domain.com. If you make that change, make sure you have configured the Backend with the custom domain.

Regards, Msrini

I just ran into this. Make sure to include XForwardedHost in your options configuration, or just include ForwardedHeaders.All like this:

services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.All;
});
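
An added example, not code from the question or either answer: a forwarded-headers setup that reads the host from the X-ORIGINAL-HOST header shown in the question and only honours it for an allow-listed host name coming from a known proxy network, so a client-supplied host header cannot steer the redirect_uri. The extension method name, the host name `app.mydomain.com` and the network `10.0.1.0/24` are placeholders assumed for illustration.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public static class GatewayForwardedHeaders
{
    // Hypothetical helper; call it from ConfigureServices and keep
    // app.UseForwardedHeaders() ahead of UseHttpsRedirection/UseAuthentication.
    public static IServiceCollection AddGatewayForwardedHeaders(
        this IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Process client IP, scheme and host; the host flag is what the
            // OpenID Connect handler needs to build the public redirect_uri.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor |
                ForwardedHeaders.XForwardedProto |
                ForwardedHeaders.XForwardedHost;

            // The request in the question carries the public host in
            // X-ORIGINAL-HOST, not in the default X-Forwarded-Host.
            options.ForwardedHostHeaderName = "X-Original-Host";

            // Accept only the expected public host; an empty list accepts
            // any forwarded host. Placeholder value.
            options.AllowedHosts.Add("app.mydomain.com");

            // Honour forwarded headers only from the proxy hop directly in
            // front of the app (the default trusts loopback only).
            // Placeholder subnet; use the range your app really sees.
            options.KnownNetworks.Add(
                new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
                    IPAddress.Parse("10.0.1.0"), 24));

            // Consume one entry per header: the one written by that hop.
            options.ForwardLimit = 1;
        });

        return services;
    }
}
```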
