Getting ASP.NET Core to Authenticate against Azure AD with Nginx

05/13/2019

Getting ASP.NET Core to Authenticate against Azure AD with Nginx

How to beat the 502 Gateway error and authenticate successfully against Azure AD.

r' Azure against our organization's AD instance.

We ran into a bit of a problem when pushing into our test subdomain, however - whenever we went to log in, Nginx would give us a 502 error and choke on the /signin-oidc URL link. The Kestrel logs kept showing successful authentication, so it had to be something not getting through between Nginx and Kestrel.

One of the nice things about Azure AD errors is that they seem to closely mimic any issue happening with [Identity Server])(https://identityserver.io/), which is what led us to this post over at StackOverflow. What ended up working for us is the tweak they did to the nginx.conf file, in which we added these lines to the http section:

proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
large_client_header_buffers 4 16k;

A quick save and a restart, and the proxy is now passing our Azure AD cookies successfully into Kestrel.

Looking for help building or integrating your web application with Azure AD B2C? Contact us for a quote - not only is it free, but we can help you find what you're looking for at a better price than most consulting firms!