I have a sample MVC web application built using ASP.NET Core. I have also enabled account confirmation so when users register, they receive an email confirmation. My web app runs fine and account confirmation works fine when I run it locally using Kestrel server on my development machine (http://localhost:5000).
Now I have published my web app to my Ubuntu server running Apache web server using reverse proxy (https://musicstore.paul.kim). I have obtained a free SSL certificate for musicstore.paul.kim using Let's Encrypt. I've set the reverse proxy to forward requests from http://localhost:5000 to https://musicstore.paul.kim. Everything seems to run fine except the account confirmation doesn't work. When I try to register a new user by entering an email and creating a password, I get an email via SendGrid with a link to confirm my email. When I click on that link, I am taken to my web app and an error message is displayed rather than having the email confirmed. I looked at my log file and the error message is "Microsoft.AspNetCore.Identity.UserManager[9] VerifyUserTokenAsync() failed with purpose: EmailConfirmation for user 54a1c48c-4af7-454a-9c57-6b78c671be56."
Why is account confirmation not working on Apache with reverse proxy?
How can I get it working?
The issue lies in the fact that we lost the client's original request protocol. We can deal with it by adding this code to "Configure" in startup.cs:

    // Requires: using Microsoft.AspNetCore.HttpOverrides;
    // Apply the proxy's X-Forwarded-For / X-Forwarded-Proto values to the request.
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

Moreover, you have to configure your Apache/nginx within your vhost file:

    RequestHeader set X-Forwarded-Proto "https"
That should do the trick! ;-)
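A fuller version of the configuration from this answer, as an added example that is not part of the original post: it accepts `X-Forwarded-*` headers only from the loopback addresses, so a client that reaches Kestrel some other way cannot spoof the scheme or its IP. It assumes Apache runs on the same host as Kestrel; the `/whoami` route is a hypothetical diagnostic for checking what the app sees.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            // Only one proxy hop (Apache) sits in front of Kestrel.
            options.ForwardLimit = 1;
            // Assumption: Apache connects over loopback. Headers arriving from
            // any other peer address are ignored by the middleware.
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Loopback);
            options.KnownProxies.Add(IPAddress.IPv6Loopback);
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before anything that reads Request.Scheme or the remote IP
        // (authentication, Identity, link generation).
        app.UseForwardedHeaders();

        // Hypothetical diagnostic route: shows the scheme and client address
        // after the forwarded headers have been applied.
        app.Map("/whoami", branch => branch.Run(ctx =>
            ctx.Response.WriteAsync(
                $"scheme={ctx.Request.Scheme} remote={ctx.Connection.RemoteIpAddress}")));
    }
}

public static class Program
{
    public static void Main(string[] args) =>
        new WebHostBuilder()
            .UseKestrel()
            .UseUrls("http://localhost:5000") // loopback only; Apache is the public endpoint
            .UseStartup<Startup>()
            .Build()
            .Run();
}
```

Requesting `/whoami` through the proxy should report `scheme=https`, while a direct request to port 5000 reports `scheme=http`.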