.NET Issue on ADFS SSO behind a Reverse Proxy

Question

I have a .NET application that uses ADFS for SSO. It works when I test it on my local machine and test environment but it fails when deployed to the client environment.

The client environment is like this:
HTTPS Public IP:443 -> NAT Internal IP -> Accelerator:80 -> Load Balancer:80 -> Reverse Proxy Server:80 -> APP Server:80

The reverse proxy will URL rewrite from app.url.com to app-internal.url.com

The application should work like this:

User will access http s://app.url.com/appname. Then .NET Application on first load will redirect the user to an ADFS server: http s://adfsurl.domain.com/adfs/ls?
Upon successful authentication, the ADFS will redirect back to the application URL.

My issue is that the application is redirecting to http://app.url.com/adfs/ls/? instead of http s://adfsurl.domain.com/adfs/ls?

Is there any other configuration I need to do like outbound rule?

Brandon Hixson · Answer

You may need to deselect Reverse rewrite host in response headers in the ARR settings and additionally set preserveHostHeader="true" in applicationhost.config

Open Internet Information Services (IIS) Manager.
In the Connections pane, select the server.
In the server pane, double-click Application Request Routing Cache.
In the Actions pane, click Server Proxy Settings.
On the Application Request Routing page, deselect Reverse rewrite host in response headers.

To set preserveHostHeader="true" in applicationhost.config:

Run Command Prompt as Administrator
%WINDIR%System32inetsrvappcmd.exe set config -section:system.webServer/proxy /preserveHostHeader:"True" /commit:apphost

See:

https://stackoverflow.com/questions/4243959/iis-reverse-proxy-with-rewrites-cant-handle-a-redirect-from-the-server-we-proxy

https://stackoverflow.com/questions/43433352/sso-adfs-redirection-issue-with-reverse-proxy-with-arr

.NET Issue on ADFS SSO behind a Reverse Proxy

One Answer

Add your own answers!

Ask a Question