Cannot authenticate Regular App using .NET Core SDK deployed in k8s behind reverse proxy with SSL termination

Hi,

Let me explain the context before the question.

I’m using ASP.NET Core MVC SDK for regular app (latest version). I’m successfully authenticate on the local machine (running app from IDE, Rider) and using redirection to HTTPS. So that all works via HTTPS. When I try to configure and use locally HTTP, I cannot authenticate. I see the error:


We clearly see that when the app uses HTTPS it’s fine, and when HTTP it’s not.

We are deploying the app to k8s, behind ingress which terminates SSL. So that the app itself receives HTTP requests from the proxy, even we have HTTPS on internet. Here come the issue: the SDK thinks that it’s working with HTTP and produce the following symptoms:

  • the SDK adds “redirect_uri=http://…” and load Auth0 page with error: Callback URL mismatch.
  • if we change manually http to https and continue, then I can login, but the error as mention above for HTTP is shown (Correlation failed)

Do I need to have a special configuration of ingress service in k8s for SDK to work? Where should we check the issue?
Would be glad to any advices.

Thanks,

Hey there!

Can I ask you to create a GitHub issue for that as it’s gonna be the most effective way of handling that directly with the SDK maintainers? Once you have a link to it you can share it here so we can ping them. Thank you!

Could you, please, advise in which repo should I create an issue? I see auth0-aspnet and auth0.net. Could you, please, drop a link to correct GitHub repo?

Sure go for this one:

We have found how to fix it.
Before calling ChallengeAsync we are setting IsHttps to true.

HttpContext.Request.IsHttps = true;
await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);

I think there is another approach which requires some special configuration of reverse proxy (nginx), but I’m not sure about it.

4 Likes

Thanks for sharing that with the rest of community!