I hosted IdentityServer4 on IIS. Endpoint URL's are having HTTP instead of HTTPS.
I already tried forwardheaders method. But doesn't seems to have any effect. We have SSL offloading. Is that the reason? Is there any different solution for that?
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
In older versions (< 4.0) it was possible to set IdentityServerOptions.PublicOrigin including a fixed scheme (since some people seem to have troubles to get the forwarded headers working). Even me used this in an older project.
For the newer versions (4.x+)
If you are sure it will be https and you are sure what the public domain is you can follow this issue on Github. There leastpriviledge offers:
app.Use(async (ctx, next) =>
{
ctx.SetIdentityServerOrigin("https://yourdomain.com");
//ctx.Request.Scheme = "https"; // direct approach
await next();
});
According to the information given within the issue this should do the same.