Umbraco 14 Can't login to back office - This server only accepts HTTPS requests.
I recently upgraded my Umbraco installation to version 14 and encountered an issue after deploying to Azure. The front end of the website works fine over HTTPS, but when I navigate to /umbraco to log in, I encounter the following error:
error:invalid_request
error_description:This server only accepts HTTPS requests.
error_uri:https://documentation.openiddict.com/errors/ID2083
I have verified that my website is indeed using HTTPS both locally and on Azure. When running locally via Visual Studio (IIS Express), I do not encounter this problem. However, after deploying to my local IIS or Azure, I consistently see this error.
Before the upgrade to Umbraco 14, everything worked correctly on my local IIS. Could you please advise on what might have changed in Umbraco 14 regarding HTTPS enforcement, and what steps I can take to resolve this issue?
By the way my Umbraco Website is running inside a docker container. I don't know if that makes any diffrence or not.
After adding the "UseHttps": true setting, my website now works on my local IIS. However, when I deploy it to Azure, I still encounter an error when trying to log in:
If I navigate to /umbraco/login, I see the login screen.
However, upon attempting to log in, I encounter the error and cannot access Umbraco.
If I navigate to /umbraco, I don't see the login screen at all; instead, I immediately get the error.
The website is running inside a Docker container. To troubleshoot, I created a new web app on Azure and deployed the website without using a Docker container.
In this setup, everything works fine—I can log in to Umbraco without any issues.
This indicates that there must be some additional configuration needed for the Docker container to work with Umbraco 14.
Unfortunately, I'm unable to determine the necessary adjustments and may have to revert to Umbraco 13 for now, as my production environment relies on Docker containers.
If anyone has insights into what might need to be configured in the Docker setup for Umbraco 14, your help would be greatly appreciated.
After upgrading to Umbraco 14.X.X, I could no longer log in to the back office when my Umbraco site was deployed to Azure. Locally, everything worked fine when running through Visual Studio.
Root Cause:
The issue was related to Azure's reverse proxy setup:
Azure Reverse Proxy:
Azure forwards incoming HTTPS requests as HTTP to the internal application.
OpenIddict Security Requirement: OpenIddict requires that authentication requests are made over HTTPS in production.
However, since Azure forwards the request internally as HTTP, OpenIddict rejected the requests.
Missing X-Forwarded-Proto Handling: Without the correct middleware, my application didn’t recognize the original request was made over HTTPS because it wasn’t interpreting the X-Forwarded-Proto header sent by Azure.
Solution:
To fix this, I added the UseForwardedHeaders() middleware to handle the X-Forwarded-Proto header, which allows the application to recognize that the original request was made over HTTPS.
Here is the relevant part of the solution in Startup.cs:
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILogger<Startup> logger)
{
app.UseRouting();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
// Add the forwarded headers middleware here
var forwardedHeaderOptions = new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
};
forwardedHeaderOptions.KnownNetworks.Clear(); // Removes restrictions on proxy IP addresses
forwardedHeaderOptions.KnownProxies.Clear(); // Allows Azure proxies to be trusted
app.UseForwardedHeaders(forwardedHeaderOptions);
// If certificate forwarding is still required, keep this line
app.UseCertificateForwarding();
app.UseAuthentication();
app.UseAuthorization();
app.UseCors(builder =>
{
builder.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
app.UseUmbraco()
.WithMiddleware(u =>
{
u.UseBackOffice();
u.UseWebsite();
})
.WithEndpoints(u =>
{
u.UseBackOfficeEndpoints();
u.UseWebsiteEndpoints();
});
}
Summary:
Azure forwards HTTPS requests as HTTP.
OpenIddict requires HTTPS in production.
Adding UseForwardedHeaders() ensures the app correctly interprets the X-Forwarded-Proto header and allows HTTPS requests to be recognized, solving the login issue.
Umbraco 14 Can't login to back office - This server only accepts HTTPS requests.
I recently upgraded my Umbraco installation to version 14 and encountered an issue after deploying to Azure. The front end of the website works fine over HTTPS, but when I navigate to /umbraco to log in, I encounter the following error:
I have verified that my website is indeed using HTTPS both locally and on Azure. When running locally via Visual Studio (IIS Express), I do not encounter this problem. However, after deploying to my local IIS or Azure, I consistently see this error.
Before the upgrade to Umbraco 14, everything worked correctly on my local IIS. Could you please advise on what might have changed in Umbraco 14 regarding HTTPS enforcement, and what steps I can take to resolve this issue?
By the way my Umbraco Website is running inside a docker container. I don't know if that makes any diffrence or not.
Thank you!
Does any of this help?
https://docs.umbraco.com/umbraco-cms/reference/security/ssl-https
After adding the "UseHttps": true setting, my website now works on my local IIS. However, when I deploy it to Azure, I still encounter an error when trying to log in:
I noticed something interesting:
If I navigate to /umbraco/login, I see the login screen.
However, upon attempting to log in, I encounter the error and cannot access Umbraco.
If I navigate to /umbraco, I don't see the login screen at all; instead, I immediately get the error.
The website is running inside a Docker container. To troubleshoot, I created a new web app on Azure and deployed the website without using a Docker container.
In this setup, everything works fine—I can log in to Umbraco without any issues.
This indicates that there must be some additional configuration needed for the Docker container to work with Umbraco 14.
Unfortunately, I'm unable to determine the necessary adjustments and may have to revert to Umbraco 13 for now, as my production environment relies on Docker containers.
If anyone has insights into what might need to be configured in the Docker setup for Umbraco 14, your help would be greatly appreciated.
I have finally fixed this issue.
Issue:
After upgrading to Umbraco 14.X.X, I could no longer log in to the back office when my Umbraco site was deployed to Azure. Locally, everything worked fine when running through Visual Studio.
Root Cause:
The issue was related to Azure's reverse proxy setup:
Azure Reverse Proxy:
Azure forwards incoming HTTPS requests as HTTP to the internal application. OpenIddict Security Requirement: OpenIddict requires that authentication requests are made over HTTPS in production.
However, since Azure forwards the request internally as HTTP, OpenIddict rejected the requests. Missing X-Forwarded-Proto Handling: Without the correct middleware, my application didn’t recognize the original request was made over HTTPS because it wasn’t interpreting the X-Forwarded-Proto header sent by Azure.
Solution:
To fix this, I added the UseForwardedHeaders() middleware to handle the X-Forwarded-Proto header, which allows the application to recognize that the original request was made over HTTPS.
Here is the relevant part of the solution in Startup.cs:
Summary:
Azure forwards HTTPS requests as HTTP. OpenIddict requires HTTPS in production. Adding UseForwardedHeaders() ensures the app correctly interprets the X-Forwarded-Proto header and allows HTTPS requests to be recognized, solving the login issue.
is working on a reply...