Search code examples

Why redirections on my site take me to instead my domain?

I have configured my web app to time out on idle by setting the following in the Startup.auth.cs file:

app.UseCookieAuthentication(new CookieAuthenticationOptions
     ExpireTimeSpan = TimeSpan.FromHours(1),
     AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
     LoginPath = new PathString("/Account/Login"),
     SlidingExpiration = true,

My web app is behind a Virtual Network--->Application Gateway. The AG forwards the requests to the web app. I have also got rules that prevent direct access (i.e to the web app.

Now when the session times out, I get redirected to:

which is a blue screen with error 403(correct error), instead of my own domain like:

Anyone knows why I would get this behavior? thanks.

Edit: more looks like any redirect causes the above problem. So if I enter a URL which requires the user to login, then the redirected URL to the login page, has the in its address.


  • Any redirects without explicit host portions in the ASP.NET ecosystem will go to the host portion provided by the current HttpContext.Request.

    Your application gateway will make the final request to your application (like a proxy) and addresses it as your domain → meaning your ASP.NET app doesn't know about the original request to the gateway.

    What you will need to do is to set the incoming request hostname to the original hostname from the request that went to your Application Gateway.

    This documentation page (It's ASP.NET Core, but the same principle holds true for should allow you to get an insight on how to overwrite your incoming HttpContext.Request hostname to the original. There are of course multiple ways.

    1. Forwarded Headers (Which would then need to be set by your Application Gateway)
    2. Config entry (Having a config entry with a "hardcoded" hostname)

    Both approaches will just require extra middleware to override the current request according to the information gathered by either of these approaches.