aspnet / AspNetKatana

Microsoft's OWIN implementation, the Katana project
Apache License 2.0

Facebook login incorrect redirect_uri #439

Closed raj-mandair closed 8 months ago

raj-mandair commented 2 years ago

We have a web application behind a reverse proxy. The reverse proxy address is proxy.mydomain.com and the backend is backend.mydomain.com.

The facebook authentication challenge is redirecting the user to the backend instead of the reverse proxy (see URL below):

https://www.facebook.com/login.php?redirect_uri%3Dhttps%253A%252F%252Fbackend.mydomain.com%252Fsignin-facebook

Below is a snippet of the code. We tried setting RedirectUri to "https://proxy.mydomain.com" but it didn't work. Please assist. Thank you.

    public override void ExecuteResult(ControllerContext context)
    {
        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        if (UserId != null)
        {
            properties.Dictionary[XsrfKey] = UserId;
        }
        context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
    }

Tratcher commented 2 years ago

The general recommendation is to use middleware to modify the request properties like Host to match the public values, then everything generated from them is correct. Even better, the proxy may forward you that information in headers like X-Forwarded-Host. The following doc covers this for AspNetCore, but the concepts would be the same here. https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-6.0

raj-mandair commented 2 years ago

Thank you for the information. I read through the documentation and it suggests to utilize UseForwardedHeaders to utilize the proxy value. This is an ASP.net app and it doesn't have this method. Any other ideas or how we can get around this?

Really appreciate it.

Tratcher commented 2 years ago

UseForwardedHeaders is a tool that reads x-forwarded-* headers from the request and updates the associated scheme, host, etc. fields on the request. You can do the same in your own middleware here.
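As an added example (not code from this thread or from the Katana project), here is an OWIN middleware of the kind described above: it copies X-Forwarded-Proto and X-Forwarded-Host onto the request, but only when the call arrives from the proxy's address and the host is on an allow-list, so the Facebook provider registered after it generates a redirect_uri on proxy.mydomain.com rather than the backend. The proxy IP 10.0.0.5 and the host allow-list are assumed values.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;

// Added example (not from the Katana repo or this thread): rewrites Request.Scheme and
// Request.Host from X-Forwarded-Proto / X-Forwarded-Host so that middleware registered
// after it (e.g. the Facebook provider) builds redirect URIs with the public host.
public class ForwardedHeadersMiddleware : OwinMiddleware
{
    private readonly HashSet<string> _trustedProxyIps;
    private readonly HashSet<string> _allowedHosts;

    public ForwardedHeadersMiddleware(OwinMiddleware next,
        IEnumerable<string> trustedProxyIps, IEnumerable<string> allowedHosts) : base(next)
    {
        _trustedProxyIps = new HashSet<string>(trustedProxyIps, StringComparer.OrdinalIgnoreCase);
        _allowedHosts = new HashSet<string>(allowedHosts, StringComparer.OrdinalIgnoreCase);
    }

    public override Task Invoke(IOwinContext context)
    {
        var request = context.Request;
        // Honor the headers only when the immediate caller is the known proxy; otherwise
        // any client could inject a host that ends up in the generated redirect_uri.
        if (_trustedProxyIps.Contains(request.RemoteIpAddress ?? string.Empty))
        {
            // Proxies append to a comma-separated list; the first entry is the client-facing value.
            var proto = FirstValue(request.Headers["X-Forwarded-Proto"]);
            var host = FirstValue(request.Headers["X-Forwarded-Host"]);

            if (proto == "http" || proto == "https")
                request.Scheme = proto;
            // Compare against an allow-list rather than trusting the header value blindly.
            if (host != null && _allowedHosts.Contains(host))
                request.Host = new HostString(host);
        }
        return Next.Invoke(context);
    }

    private static string FirstValue(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return null;
        return headerValue.Split(',')[0].Trim();
    }
}

// In Startup.Configuration, register it before app.UseFacebookAuthentication(...).
// Proxy address and host are assumed values for this example:
// app.Use<ForwardedHeadersMiddleware>(new[] { "10.0.0.5" }, new[] { "proxy.mydomain.com" });
```

Registration order matters: the rewrite has to run before the authentication middleware reads Request.Scheme and Request.Host to build its callback URI.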