c# - Redirect to absolute URL on timeout in ASP.NET Core 2.0 application

Question

I'm running an ASP.NET Core 2.0 application which utilises ASP.NET Identity hosted in Azure App Service behind an Application Gateway.

I've set up a custom domain to point to the Application Gateway over SSL which then terminates the SSL and forwards the request onto my backend pool which uses the default *.azurewebsites.net domain over 80.

e.g. Request to custom.com:443 ---> Application Gateway ---> custom.azurewebsites.net:80

I've configured my ASP.NET Core 2.0 application to time the users session out after 1 hour using the following middleware:

services.ConfigureApplicationCookie(options =>
{
    options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
});

When the user times out and then performs another action, they're getting redirected to the login page on the app service on custom.azurewebsites.net:80 instead of back through the Application Gateway.

Is there a way to redirect to an absolute URL on timeout instead of a relative one?

Answer 1

Thank you Tratcher for your help on this.

It seems the Azure Application Gateway does not add the X-Forwarded-Host header so adding the app.UseForwardedHeaders() middleware was futile. Instead, I've added a configuration value that holds the host of my current environment and overrides the 'Host' property of every request with the custom domain.

app.Use((ctx, next) =>
{
    ctx.Request.Host = new HostString(options.Value.CustomDomain);
    return next();
});

The ASP.NET Identity authentication middleware then uses this value to construct the redirect URL.

I've also written Microsoft some feedback on this issue here, as I'm sure my use case cannot be uncommon.