Search code examples
authenticationasp.net-coreproxyhttp-headersazure-front-door

NET Core reverse proxy and authentication middleware

I have .Net Core application hosted on an Azure app service, with a custom domain name set up in the Azure Front Door reverse proxy.

External authentication (Facebook) is implemented and works when I run the app locally and when I access the app on Azure directly using the [app_name].azurewebsites.net URL.

However, I get a server error when logging in via facebook when accessing the app either from my custom domain or via [app_name].azurefd.net.

The issue appears to be that, after auth, the user is redirected back to the app service domain (.azurewebsites.net/), instead of the custom domain.

I have configured forwarded headers in the application but that does not appear to have helped.

 services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedHost;
                options.ForwardedHostHeaderName = "X-Original-Host";
                options.KnownNetworks.Clear();
                options.KnownProxies.Clear();
            });

My login code is the default generated by NET Core:

<form id="external-account" asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
                        <div>
                            <p>
                                @foreach (var provider in Model.ExternalLogins)
                                {
                                    <button type="submit" class="btn btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
                                }
                            </p>
                        </div>
                    </form>

There doesn't appear to be a Redirect_URI property I can set in the Facebook middleware options.

tldr: my .net core external auth middleware redirects to the azure domain instead of my custom domain even when app accessed from the custom domain. I have forwarded headers configured in NET Core.

Update: edited for clarity

Update2: Have also tried the following to no avail:

app.Use(async (context, next) =>
            {
                if (context.Request.Headers.Any(x => x.Value == "X-Original-Host") != false)
                {
                    var originalHost = context.Request.Headers.FirstOrDefault(x => x.Value == "X-Original-Host").Value;
                    context.Request.Headers.Add("Host", originalHost);
                }
                await next.Invoke();
            });
Solution

  • Same problem with redirects on Application Gateway per the following question: Redirect to absolute URL on timeout in ASP.NET Core 2.0 application

    Thanks to Tratcher for his answer on that question. The solution was to add the following in the Configure method of Startup.cs:

    app.Use((ctx, next) =>
{
    ctx.Request.Host = new HostString(options.Value.CustomDomain);
    return next();
});