I have an ASP.NET MVC application using OWIN authentication that is running behind a reverse proxy.
The authentication in ASP.NET is set up like this:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
The reverse proxy in iis is setup like this in the web.config:
<system.webServer>
<httpErrors errorMode="Detailed" />
<asp scriptErrorSentToBrowser="true"/>
<rewrite>
<rule name="proxy" stopProcessing="true">
<match url="^app/?(.*)" />
<serverVariables>
<set name="X_REQUESTED_URL_PATH" value="{R:1}" />
</serverVariables>
<action type="Rewrite" url="https://myapp.mydomain.toplevel/app/{R:1}" />
</rule>
</rewrite>
<system.webServer>
The reverse proxy is hosted at https://www.mydomain.toplevel/app/{R:1}
Everything is working fine, RedirectToAction will redirect to www.mydomain.toplevel.
But when I try to open a controller with the AuthenticationAttribute, the redirect will go to https://myapp.mydomain.toplevel/account/login instead of www.mydomain.toplevel
How can I configure this that my application stays behind the reverse proxy, even when the auth redirect is happening? As a first workaround, I tried to hardcode the LoginPath with the hostname in front, but this will give an error that the path should start with a /.
