1

Notice the http instead of https. When I replace http with https, then I am redirected and successfully receive the bearer token. How do I enforce the URL generated by the middleware to contain https?

Middleware:

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));

Request created upon redirection:

https://login.microsoftonline.com/6957e{...}825/oauth2/authorize?
    client_id=747{...}9810&redirect_uri=http%3A%2F%2F {... continued url ...}
Rob

3 Answers

1

Based on the Microsoft documentation you should use UseHttpsRedirection to achieve this:

  • The HTTPS Redirection Middleware (UseHttpsRedirection) to redirect all HTTP requests to HTTPS.

ASP.NET Core Enforce HTTPS

The .UseHttpsRedirection() will issue HTTP response codes redirecting from http to https.

Hari Krishna
  • Just validated that I have this line in my Startup file. app.UseHttpsRedirection(); I also recreated the app service and created a new Azure Ad application and it persists on building the return url as HTTP. – Rob Sep 29 '20 at 13:10
  • 1
    A port must be available for the middleware to redirect an insecure request to HTTPS. If no port is available: Redirection to HTTPS doesn't occur. The middleware logs the warning "Failed to determine the https port for redirect." Set HttpsRedirectionOptions.HttpsPort. In host configuration. – Hari Krishna Sep 29 '20 at 13:20
  • Additional information: I am running from a docker container with exposed ports 80/8081. The app service appears to bind on 8081. – Rob Sep 29 '20 at 13:39
  • Your comment about the error displayed was VERY helpful: 2020-09-29T13:21:55.912618983Z warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3] 2020-09-29T13:21:55.912644984Z Failed to determine the https port for redirect. – Rob Sep 29 '20 at 13:40
  • An "HTTPS port" only accepts HTTPS (so no HTTP) connections. Also, the default ports are 80 for HTTP and 443 for HTTPS. Please try adding `services.AddHttpsRedirection(options => options.HttpsPort = 443);` in your startup.cs page. Please also call `app.UseHsts()` after `app.UseHttpsRedirection()` – Hari Krishna Sep 29 '20 at 13:59
  • Found the solution to my problem here: https://stackoverflow.com/questions/49189883/how-to-set-redirect-uri-protocol-to-https-in-azure-web-apps – Rob Sep 30 '20 at 14:07
  • Thank you for all your help Hari Krishna. You set me down the right path! – Rob Sep 30 '20 at 14:08
1

For people using Docker and deploying to Azure App Services: add the following in your Dockerfile: ENV ASPNETCORE_FORWARDEDHEADERS_ENABLED=true

It turned out that the AAD redirect URI was set to http instead of https.

jawa
0

I was able to solve my problem with the comment added by Stef Heyenrath on the Stack Overflow post: How to set redirect_uri protocol to HTTPS in Azure Web Apps

Step 1 : configure the ForwardedHeadersOptions

// In ConfigureServices; requires: using Microsoft.AspNetCore.HttpOverrides;
services.Configure<ForwardedHeadersOptions>(options =>
{
    options.RequireHeaderSymmetry = false;
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // TODO : it's a bit unsafe to allow all Networks and Proxies...
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

Step 2 : UseForwardedHeaders in the public void Configure(IApplicationBuilder app, IHostingEnvironment env) method

app.UseForwardedHeaders();

Step 3 : Only use UseHttpsRedirection for production

if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();

    // Forward http to https (only needed for local development because the Azure Linux App Service already enforces https)
    app.UseHttpsRedirection();
}
else
{
    app.UseExceptionHandler("/Error");
    app.UseHsts();
}
Rob
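A tighter variant of the forwarded-headers setup from the answers above, added here as an example (not code from the original posts): instead of clearing KnownNetworks and KnownProxies, it accepts X-Forwarded-Proto only from a known proxy range and runs the middleware before HTTPS redirection and authentication, so the redirect_uri is built with the forwarded scheme. The 10.0.0.0/8 range is a placeholder assumption; replace it with the address range of the proxy that terminates TLS in front of your container.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// Alias avoids a clash with System.Net.IPNetwork on newer .NET versions.
using ProxyNetwork = Microsoft.AspNetCore.HttpOverrides.IPNetwork;

public class Startup
{
    private readonly IConfiguration _configuration;

    public Startup(IConfiguration configuration) => _configuration = configuration;

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            options.ForwardLimit = 1; // the default, stated explicitly: honour one proxy hop only

            // ASSUMPTION: placeholder range for the TLS-terminating proxy.
            // Headers from any other source address are ignored (loopback stays trusted by default).
            options.KnownNetworks.Add(new ProxyNetwork(IPAddress.Parse("10.0.0.0"), 8));
            // Same range in IPv4-mapped IPv6 form, for hosts that report the peer address that way.
            options.KnownNetworks.Add(new ProxyNetwork(IPAddress.Parse("::ffff:10.0.0.0"), 104));
        });

        // Gives UseHttpsRedirection a port, avoiding "Failed to determine the https port for redirect."
        services.AddHttpsRedirection(options => options.HttpsPort = 443);

        services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
            .AddAzureAD(options => _configuration.Bind("AzureAd", options));
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run first: it rewrites Request.Scheme from X-Forwarded-Proto, which the
        // authentication handler later uses when it builds the redirect_uri.
        app.UseForwardedHeaders();
        app.UseHttpsRedirection();
        app.UseAuthentication();
        // The rest of the application's pipeline (routing, MVC/endpoints) follows here.
    }
}
```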