Hi everyone,
I am struggling with an Umbraco 17 site deployed to IIS. The frontend works, but the backoffice login fails due to protocol issues.
The Problem:
When logging into the backoffice, I get the error:
error_description: This server only accepts HTTPS requests. error_uri: https://documentation.openiddict.com
The site only works if I set `"UseHttps": false` in `appsettings.json`, which is not an option for production.
My Setup & Deployment:
- Umbraco Version: 17
- Infrastructure: Hosted behind an IIS ARR (Application Request Routing) Proxy. SSL termination happens at the proxy, and requests are forwarded to the web server via HTTP.
- Deployment Process: I publish using `dotnet publish -c Release -r win-x64 --self-contained false`.
- Database: I manually copy the SQLite database. I have already manually updated `PostLogoutRedirectUris` and `RedirectUris` in the database to match the correct public domain, but the error persists.
- IIS: AppPool is set to "No Managed Code" / Integrated.
The Challenge:
Even though the URIs in the database are correct, OpenIddict seems to reject the login because it perceives the incoming forwarded request as insecure HTTP instead of HTTPS.
My Questions:
- How do I correctly configure the Forwarded Headers Middleware in Umbraco 17 to ensure OpenIddict respects the `X-Forwarded-Proto` header from the ARR proxy?
- Are there any additional settings in `appsettings.json` (like `Umbraco:CMS:WebRouting:UmbracoApplicationUrl`) that are mandatory when the internal connection is HTTP?
- Is there a specific way to tell OpenIddict in Umbraco 17 to allow the offloaded HTTPS connection, or maybe correct it, instead of doing it manually?
Any help or code snippets for Program.cs to handle this proxy scenario would be greatly appreciated!
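
An added example, not part of the original post and not Umbraco's own code: a `Program.cs` that enables ASP.NET Core's Forwarded Headers Middleware ahead of the Umbraco pipeline and accepts `X-Forwarded-Proto` only from the proxy's address, so a client cannot claim HTTPS by sending the header itself. Assumptions: the Umbraco builder and pipeline calls follow the standard Umbraco project template, the ARR proxy is configured to send `X-Forwarded-Proto`, and `192.0.2.10` is a placeholder for the proxy's IP.

```csharp
using System.Net;
using Microsoft.AspNetCore.HttpOverrides;

WebApplicationBuilder builder = WebApplication.CreateBuilder(args);

// Trust X-Forwarded-* only when the request arrives from the ARR proxy itself.
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

    // Placeholder address (documentation range): replace with the ARR server's IP
    // as seen by the web server. Requests from any other address have their
    // forwarded headers ignored.
    options.KnownProxies.Add(IPAddress.Parse("192.0.2.10"));

    // One proxy hop in front of the application; raise only if more hops are trusted.
    options.ForwardLimit = 1;
});

// Umbraco registration as in the standard project template (assumed unchanged).
builder.CreateUmbracoBuilder()
    .AddBackOffice()
    .AddWebsite()
    .AddComposers()
    .Build();

WebApplication app = builder.Build();

// Registered before the Umbraco pipeline so Request.Scheme is already "https"
// when the backoffice (OpenIddict) endpoints check the transport.
app.UseForwardedHeaders();

await app.BootUmbracoAsync();

app.UseUmbraco()
    .WithMiddleware(u => { u.UseBackOffice(); u.UseWebsite(); })
    .WithEndpoints(u => { u.UseBackOfficeEndpoints(); u.UseWebsiteEndpoints(); });

await app.RunAsync();
```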