Azure-Samples / active-directory-dotnet-webapp-webapi-multitenant-openidconnect

A sample .NET 4.5 MVC SaaS web app that signs-up and signs-in users from any Azure AD tenant, and calls the Azure AD Graph API.

additional info for protecting against http redirection #30

Closed joezen777 closed 4 years ago

joezen777 commented 7 years ago

Added additional comment information for protecting against undesired redirection to http resources when hosting provider on a reverse proxy that proxies and rewrites https traffic to http. We experienced this with a hacker-security web-application-firewall service, where even when communication persisted through HTTPS tunnels, the URL was still rewritten from https to http. This then resulted in the initial form post back being sent to http, as well as the post-authorization code received action redirecting to http instead of https. Adding replaces of http:// to https:// on context.ProtocolMessage.RedirectUri and context.Properties.RedirectUri resolved the issue.
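One way to do the http-to-https replacement described in the comment above, as an added example that is not code from the pull request or the sample. The class and method names (`RedirectUriHardening`, `ForceHttps`) are hypothetical and the sample URLs are constructed; it changes only the scheme, so an `http://` URL embedded in the query string is left alone, which a plain string replace would also rewrite.

```csharp
using System;

// Added example: not part of the sample or the pull request.
public static class RedirectUriHardening
{
    // Hypothetical helper: upgrade an absolute http URI to https, touching nothing else.
    public static string ForceHttps(string uri)
    {
        // A redirect URI can be null or app-relative ("/"); leave those as they are.
        Uri parsed;
        if (string.IsNullOrEmpty(uri) || !Uri.TryCreate(uri, UriKind.Absolute, out parsed))
            return uri;

        // Already https, or some other scheme: nothing to upgrade.
        if (!string.Equals(parsed.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
            return uri;

        var builder = new UriBuilder(parsed) { Scheme = Uri.UriSchemeHttps };
        if (parsed.IsDefaultPort)
            builder.Port = -1; // drop the implicit :80 so the result is not https://host:80/
        return builder.Uri.AbsoluteUri;
    }

    // Intended use on the two properties named in the comment above
    // (assumption: "context" is the notification object they belong to):
    //   context.ProtocolMessage.RedirectUri = ForceHttps(context.ProtocolMessage.RedirectUri);
    //   context.Properties.RedirectUri      = ForceHttps(context.Properties.RedirectUri);

    public static void Main()
    {
        // Constructed sample values, as a proxy-rewritten request might produce them.
        string[] samples =
        {
            "http://app.example.com/",
            "http://app.example.com/?returnUrl=http://app.example.com/home",
            "https://app.example.com/signin",
            "/"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, ForceHttps(s));
    }
}
```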

acomsmpbot commented 7 years ago

No issues were found in this pull request.

TiagoBrenck commented 4 years ago

Closing as we are archiving this sample.

The newer one can be found at: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/2-WebApp-graph-user/2-3-Multi-Tenant