Server 2022 Web Application Proxy, asp.net core 6 Microsoft Account Signon Issue
I am running Windows Server 2022 with the Web Application Proxy (WAP) feature installed. The WAP server proxies requests for a backend ASP.NET Core 6 website, which is configured to allow login using Microsoft Authentication via the Microsoft.AspNetCore.Authentication.MicrosoftAccount NuGet package.
Everything works fine running on localhost. Login fails through the WAP because the CallbackPath is being set to the local server name, and not the public domain name.
In Azure I have the Redirect URIs set to:
https://localhost/signon-auth
https://www.domain.com/signon-auth
The website is deployed to IIS running on a Windows 2022 server called server.local. The ASP.NET Core Runtime 6.0.7 Hosting Bundle is installed so the ASP.NET Core 6 site runs on IIS.
When logging in through the WAP, the CallbackPath is set to https://server.local/signon-auth instead of https://www.domain.com/signon-auth.
After doing some research I found that I need to use the X-Forwarded-Host header to get the public host name (www.domain.com).
The WAP only sends the X-Original-For header, which contains the originating IP address.
How can I set the Web Application Proxy to also include the X-Forwarded-Host header?
Is there another solution to this problem I'm not seeing?
Thanks,
Scott
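
The backend side of the X-Forwarded-Host approach mentioned in the question, as an added example that is not part of the original post: a `Program.cs` that accepts the forwarded host only from a known proxy address and only for an allow-listed public name. It assumes the proxy in front of the site supplies `X-Forwarded-Host`; the proxy IP `192.0.2.10` and the configuration key names are placeholders.

```csharp
// Added example (not from the original post). ASP.NET Core 6 minimal hosting.
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Headers the middleware is allowed to apply to the request.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedHost
                             | ForwardedHeaders.XForwardedProto;

    // Trust forwarded headers only when the request comes from the proxy.
    // 192.0.2.10 is a placeholder for the WAP server's internal address.
    options.KnownProxies.Add(IPAddress.Parse("192.0.2.10"));

    // Reject any forwarded host other than the public name, so a client
    // cannot steer the OAuth redirect_uri to a host of its choosing.
    options.AllowedHosts.Add("www.domain.com");
});

builder.Services.AddAuthorization();
builder.Services.AddAuthentication()
    .AddMicrosoftAccount(o =>
    {
        // Configuration key names are assumptions for this example.
        o.ClientId = builder.Configuration["Authentication:Microsoft:ClientId"];
        o.ClientSecret = builder.Configuration["Authentication:Microsoft:ClientSecret"];
        o.CallbackPath = "/signon-auth"; // matches the redirect URIs registered in Azure
    });

var app = builder.Build();

// Must run before authentication: the redirect URI is built from
// Request.Scheme and Request.Host, which this middleware rewrites.
app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

// Diagnostic endpoint: shows the scheme and host the app believes it is served on.
app.MapGet("/whoami", (HttpContext ctx) => $"{ctx.Request.Scheme}://{ctx.Request.Host}");

app.Run();
```

Requesting `/whoami` through the proxy shows whether the public host name is reaching the application before the sign-in flow is tested.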