Configuration

.NETCoreApp 1.1 MVC hosted on IIS 8 behind AWS ELB

Error

The app was returning an HTTP reply address instead of HTTPS when logging in, because SSL is terminated at the AWS Elastic Load Balancer and IIS only listens on port 80.

ADSTS50011: The reply address ‘http://xxxx/signin-oidc’ does not match the reply addresses configured for the application:

Fix (for this configuration)

Prepend the following to Configure in Startup.cs

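// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Honour the X-Forwarded-* headers set by the ELB so the app sees the original HTTPS scheme.
var forwardedOptions = new ForwardedHeadersOptions
{
    // Do not require the forwarded headers to carry the same number of values.
    RequireHeaderSymmetry = false,
    ForwardedHeaders = ForwardedHeaders.All
};
// The defaults trust only loopback; clearing both lists accepts forwarded headers from any sender.
forwardedOptions.KnownNetworks.Clear();
forwardedOptions.KnownProxies.Clear();
app.UseForwardedHeaders(forwardedOptions);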

See discussion here: https://github.com/aspnet/BasicMiddleware/issues/177
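
A narrower variant of the fix above, as an added example that is not code from the original post or from the ASP.NET project: it keeps the default loopback entries, trusts forwarded headers only from the subnets the load balancer sits in, and honours only X-Forwarded-For and X-Forwarded-Proto. The class name ForwardedHeadersSetup, the method Build and the CIDR values are hypothetical; substitute the subnets of your own ELB.

```csharp
using System;
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;

// Hypothetical helper, not part of ASP.NET Core.
public static class ForwardedHeadersSetup
{
    // trustedCidrs: subnets that contain the load balancer nodes,
    // written as "address/prefixLength" (sample values are constructed).
    public static ForwardedHeadersOptions Build(params string[] trustedCidrs)
    {
        var options = new ForwardedHeadersOptions
        {
            // Scheme is what the OIDC reply address needs; client IP is useful for logs.
            // X-Forwarded-Host is left out so a request cannot rewrite the host.
            ForwardedHeaders = ForwardedHeaders.XForwardedFor
                             | ForwardedHeaders.XForwardedProto,
            RequireHeaderSymmetry = false
        };

        // KnownNetworks and KnownProxies keep their loopback defaults;
        // the load balancer subnets are added on top of them.
        foreach (var cidr in trustedCidrs)
        {
            var parts = cidr.Split('/');
            if (parts.Length != 2)
            {
                throw new FormatException("Expected address/prefixLength, got: " + cidr);
            }
            var prefix = IPAddress.Parse(parts[0]);   // throws on a malformed address
            var length = int.Parse(parts[1]);         // throws on a malformed length
            options.KnownNetworks.Add(new IPNetwork(prefix, length));
        }
        return options;
    }
}

// In Startup.Configure, before the authentication middleware:
//   app.UseForwardedHeaders(
//       ForwardedHeadersSetup.Build("10.0.1.0/24", "10.0.2.0/24"));
```

If the reply address is still sent as http after this change, the request is arriving from an address outside the listed subnets and the headers are being ignored.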