In my ASP.NET Core 1.0 application I'm using Cookie Middleware to provide my own login screens. I followed the ASP.NET Core documentation: https://docs.asp.net/en/latest/security/authentication/cookie.html
Startup.cs
...
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "MyCookieMiddlewareInstance",
LoginPath = new PathString("/Config/Login"),
AutomaticAuthenticate = true,
AutomaticChallenge = true,
});
...
My project is finished now and I have published it to a Linux environment. I have configured Nginx as a reverse proxy to forward requests to my ASP.NET application. My configuration forwards incoming public traffic on port 5000 to the current port where my web application is listening on.
/etc/nginx/sites-available/default
server {
listen 5000;
location / {
proxy_pass http://localhost:4007;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Everything works as it should; but when I try to access an unauthorised page, the configured authentication-options in my application forwards the page to the login page. Unfortunately it removes the port-number from the url. When I add the port-number manually, it works.
When I request http://'ip-server':5000/Config the application should redirect my request to http://'ip-server':5000/Config/Login?ReturnUrl=%2FConfig when I am not logged in. Instead it redirects me now to http://'ip-server'/Config/Login?ReturnUrl=%2FConfig. Hereby it redirects to a non-existing page.
What do I need to change (in application? in Nginx?) so that it keeps the port-number in the url? I haven't found anything on the Internet yet about it.
