aspnet / Security

[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
Apache License 2.0

ASP.NET Core OpenId Authentication in Container with TLS Termination in WAF #1930

Closed christophwille closed 5 years ago

christophwille commented 5 years ago

Setup: basically https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp/ running in a container in AKS, fronted with WAF. WAF does TLS Termination (https://www.mydemosite.ext) and (at this point in time) forwards to a non-SSL endpoint in the container (http://someipaddress)

Now https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp/blob/master/WebApp-OpenIDConnect-DotNet/Controllers/SessionController.cs#L28 does create a redirect to B2C, but: it strips off the "s" for the B2C redirect_url back to the site, and B2C correctly says "no way, you didn't register that".

Effectively, I think that https://github.com/aspnet/Security/blob/release/2.2/src/Microsoft.AspNetCore.Authentication/AuthenticationHandler.cs#L117 is causing the problem here (the container running http and not https).

Is there an X header (https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer applies here too?) or some configuration where I can tell my app running http in the container to actually render a https redirect uri?

christophwille commented 5 years ago

The forwarded headers middleware alone didn't cut it in my case (for whatever reason, haven't debugged that), but https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-2.2#scenarios-and-use-cases with Use() does.
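An added illustration of the two approaches the thread names, written for an ASP.NET Core 2.2 Startup; it is not code from the issue, the B2C sample, or the docs. The `ForceHttpsScheme` config key and the WAF address are assumptions. Both middlewares must run before `UseAuthentication()`, since that is where the OpenID Connect handler builds the redirect_uri from `Request.Scheme`.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Approach 1: honour X-Forwarded-Proto, but only from the proxy that really sits
        // in front of the container. Otherwise any client could spoof the header.
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            options.KnownProxies.Clear();   // defaults trust loopback only
            options.KnownNetworks.Clear();
            // Assumed address of the TLS-terminating WAF; take it from configuration in practice.
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.4"));
        });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseForwardedHeaders();   // sets Request.Scheme = "https" when the WAF sends X-Forwarded-Proto

        // Approach 2 (what the reporter ended up using): force the scheme unconditionally.
        // Safe only when the container is reachable exclusively through the WAF, so it is
        // gated by an assumed config flag rather than always on.
        if (_config.GetValue<bool>("ForceHttpsScheme"))
        {
            app.Use((context, next) =>
            {
                context.Request.Scheme = "https";
                return next();
            });
        }

        // The OIDC handler now builds https://... as the redirect_uri sent to B2C.
        app.UseAuthentication();
        app.UseMvc();
    }
}
```

If approach 1 still yields an http redirect_uri, check that the WAF actually emits `X-Forwarded-Proto` and that its address matches `KnownProxies`; the middleware silently ignores headers from unknown sources.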