Container app on azure configuration

[nrandell]

Just spent a few hours trying to get this working. I had previously had something working ok in a windows web app, but when switching to a container web app under Linux, it kept on redirecting back to the insecure http://xxxxxx.azurewebsites.net/signin-oidc rather than the secure https://xxxxx.azurewebsites.net/signin-oidc

A lot of reading and trial and error and this appears to work.

services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    options.RequireHeaderSymmetry = false;
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

And at the top of Configure

app.UseForwardedHeaders();

Is this expected behaviour? Is it documented somewhere, if so I couldn't find it.

[jmprieur]

Hello @nrandell : are you sure that this question is related to MSAL.NET ? Or would it be related to ASP.NET ? ASP.NET Core?
cc: @jennyf19

[nrandell]

I raised it here as it seemed to be the most appropriate place. To be honest it may just be that documentation is required, but I would rather raise something so it can help other people

[jmprieur]

Thanks @nrandell.
I certainly want to use this knowledge somewhere. Probably in a documentation about middleware (to come), or maybe ASP.NET.

[Rick-Anderson]

@scottaddie @guardrex This should probably go in https://github.com/aspnet/Docs
Can you recommend a place?

[guardrex]

We cover this, but it probably isn't cross-linked well. @nrandell, it looks like you didn't come across our topic on this in your search for a solution ... https://docs.microsoft.com/aspnet/core/host-and-deploy/proxy-load-balancer

I couldn't find it

@nrandell, what topic(s) were you using when you were working on your implementation of the container app under Linux? The simplest solution is perhaps to link that topic directly to ours.

I've taken note that our own Docker topics don't link our new proxy/load balancer topic, so I'll take care of that right now.

[nrandell]

Good question, but I'm not sure where I was looking in order to find it.

What I do remember is that it was very hard to find out just how app service for containers works and where IIS fits in.

My understanding now is that all app services sit behind IIS which terminates the HTTPS and forwards the request using HTTP (though how this will support HTTP/2 I don't know yet ...)

I think it may make sense to have an explicit example of how a container app works and what the container app will see coming in as requests. When I looked, most of the container examples and documents seemed to be for hosting a container and then exposing the port directly, or using something like Nginx to handle connections.

Thanks for handling this issue - it's great to be able to help make things better.

[jmprieur]

Closing as the documentation was moved to ASP.NET