
Blazor server app in Azure Container can't authenticate to Entra ID


I have a Blazor server application (running .NET 8) which I've put in an Azure Container, which in turn is accessed via a URL that is routed through HAProxy, which also handles TLS termination. This application should have Entra ID authentication.

I have the following code for the authentication bits:

    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc.Authorization;
    using Microsoft.Identity.Web;
    using Microsoft.Identity.Web.UI;

    var builder = WebApplication.CreateBuilder(args);

    // Space-separated scope list from configuration
    var scopes = builder.Configuration.GetValue<string>("DownstreamApi:Scopes");
    string[] initialScopes = scopes!.Split(' ');

    builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph("https://graph.microsoft.com/v1.0", scopes)
        .AddInMemoryTokenCaches();

    builder.Services.AddHttpContextAccessor();

    // Require an authenticated user on every controller/view by default
    builder.Services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

And then in the app part:

    // Requires: using Microsoft.AspNetCore.HttpOverrides; at the top of Program.cs
    var app = builder.Build();

    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor
                         | ForwardedHeaders.XForwardedProto
                         | ForwardedHeaders.XForwardedHost
    });

The URL I have to use is something like this: https://my.company.internal/theapp

If I navigate to that path I get to the start page, and if I hit the login button I get the Entra ID login screen. Upon successful login, though, it throws a completely different redirect URL back in my face as an error, stating that the redirect URL https://theapp_ca.myazurecontainerenv.containerapps.com/signin-oidc isn't in the valid redirect URL list. It isn't, but I thought that would've been taken care of by using ForwardedHeaders.XForwardedHost, so that it would redirect me to https://my.company.internal/theapp/signin-oidc, which would happily accept the sign-in ticket.

It's taken me days now to try to find anything online and the ForwardedHeaders was the only thing I found that pointed me in the right direction (or so I thought).

So, is there a way to get this to work or is it simply impossible to use Entra ID authentication in Azure Container apps using Blazor and HAProxy?
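
An added example, not part of the original question and not a confirmed fix for it: a minimal ASP.NET Core program that restricts which senders and host names the forwarded-headers middleware trusts, plus a temporary diagnostic endpoint showing the scheme, host and path base the application actually sees (the values the OpenID Connect handler uses to build the redirect URI). The `10.0.0.0/8` range and the `/debug/request-origin` path are assumptions chosen for illustration.

```csharp
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto
                             | ForwardedHeaders.XForwardedHost;

    // By default only loopback senders are trusted; X-Forwarded-* headers
    // arriving from any other address are ignored by the middleware.
    // ASSUMPTION: 10.0.0.0/8 is a placeholder for the network the proxy
    // connects from. Do not clear the lists to "trust everyone".
    options.KnownNetworks.Add(
        new Microsoft.AspNetCore.HttpOverrides.IPNetwork(IPAddress.Parse("10.0.0.0"), 8));

    // Accept X-Forwarded-Host only for the expected public host name, so a
    // client-supplied header cannot steer the redirect URI elsewhere.
    options.AllowedHosts.Add("my.company.internal");
});

var app = builder.Build();

// Must run before authentication so the OIDC handler sees the rewritten
// Request.Scheme and Request.Host.
app.UseForwardedHeaders();

// Temporary diagnostic (hypothetical path); remove once the values are confirmed.
app.MapGet("/debug/request-origin", (HttpContext ctx) => Results.Json(new
{
    Scheme = ctx.Request.Scheme,
    Host = ctx.Request.Host.Value,
    PathBase = ctx.Request.PathBase.Value,
    RemoteIp = ctx.Connection.RemoteIpAddress?.ToString(),
    // Raw header as received; if this is set but Host is unchanged, the
    // sender was not trusted or the host was not in AllowedHosts.
    RawForwardedHost = ctx.Request.Headers["X-Forwarded-Host"].ToString()
}));

app.Run();
```

Requesting the diagnostic endpoint through the proxy shows whether `Host` is the public name or the container's own name, and `RemoteIp` shows which address must be covered by the trusted range.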

