I have an asp.net core 3.1 web app which uses azure windows authentication. When I run it on VS or as a service on my local computer (windows 10) it works fine and uses https for all requests. I copied the exe file and dll's onto a remote server (windows server 2008 rs) and created a windows service on the machine. When the browser connects to the service the authentication is done over https but when it returns to the app home page it uses http. Any ideas why/what I can do to force any and all requests that are made be over https on any OS/platform?
This is likely due to your local environment having a development certificate installed which the default application configuration uses for local HTTPS. Authentication is performed over HTTPS as the user is routed to Azure to authenticate.
In production, HTTPS must be explicitly configured. At a minimum, a default certificate must be provided.
To enforce HTTPS in production you need to configure a certificate. The following article explains the various ways to configure a certificate: Configure endpoints for the ASP.NET Core Kestrel web server.