I have a sample MVC web application built using ASP.NET Core. I have also enabled account confirmation so when users register, they receive an email confirmation. My web app runs fine and account confirmation works fine when I run it locally using Kestrel server on my development machine (http://localhost:5000).

Now I have published my web app to my Ubuntu server running Apache web server using reverse proxy (https://musicstore.paul.kim). I have obtained a free SSL certificate for musicstore.paul.kim using Let's Encrypt. I've set the reverse proxy to forward requests from http://localhost:5000 to https://musicstore.paul.kim. Everything seems to run fine except the account confirmation doesn't work. When I try to register a new user by entering an email and creating a password, I get an email via SendGrid with a link to confirm my email. When I click on that link, I am taken to my web app and an error message is displayed rather than having the email confirmed. I looked at my log file and the error message is "Microsoft.AspNetCore.Identity.UserManager[9] VerifyUserTokenAsync() failed with purpose: EmailConfirmation for user 54a1c48c-4af7-454a-9c57-6b78c671be56."

Why is account confirmation not working on Apache with reverse proxy?

How can I get it working?

kimbaudi

1 Answer

The issue lies in the fact that we lost the client's original request protocol. We can deal with it by adding this code to the "Configure" in Startup.cs:

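```csharp
// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Apply the proxy's X-Forwarded-For / X-Forwarded-Proto values to the request
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
```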

Moreover, you have to configure your Apache/nginx with this in your vhost file:

```apache
RequestHeader set X-Forwarded-Proto "https"
```

That should do the trick! ;-)

  • I was already calling `app.UseForwardedHeaders` in my `Startup.cs`, but I didn't know about `RequestHeader` directive in apache/nginx vhost. Account confirmation now works after adding `RequestHeader set X-Forwarded-Proto "https"` to my vhost and restarting apache. – kimbaudi May 25 '17 at 17:12
  • As a heads up, the doc (https://learn.microsoft.com/en-us/aspnet/core/publishing/linuxproduction) says to add `app.UseForwardedHeaders` to `Configure` in `Startup.cs` before calling `app.UseFacebookAuthentication` (or any other 3rd party authentication). – kimbaudi May 25 '17 at 18:38
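
For context, an added example (not from the original answer or the asker's server) of an Apache HTTPS vhost with the `RequestHeader` directive in place in front of Kestrel on port 5000. The certificate paths are placeholders, and the enabled modules (`ssl`, `proxy`, `proxy_http`, `headers`) are assumptions about the setup.

```apache
# Constructed example vhost; certificate paths are placeholders.
# Assumes these modules are enabled: ssl, proxy, proxy_http, headers
<VirtualHost *:443>
    ServerName musicstore.paul.kim

    SSLEngine on
    SSLCertificateFile    /path/to/fullchain.pem
    SSLCertificateKeyFile /path/to/privkey.pem

    # Keep the original Host header when forwarding to Kestrel
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/

    # mod_proxy_http adds X-Forwarded-For on its own, but not the scheme.
    # "set" replaces any X-Forwarded-Proto value supplied by the client,
    # so the application only ever sees the value chosen here.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

Because the application trusts this header to decide the request scheme, Kestrel should stay bound to the loopback address so that only the proxy can reach it.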