Changing KnownNetworks.Clear() to KnownIPNetworks.Clear() breaks forwarded headers #63627

@jamesgurung

I am using this code very early in the pipeline to forward headers when running my container in Azure App Service. Since updating to .NET 10 RC1, it produces an ASPDEPR005 warning "Obsolete, please use ForwardedHeadersOptions.KnownIPNetworks instead" as announced.

```csharp
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
  o.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedFor;
  o.KnownNetworks.Clear();
  o.KnownProxies.Clear();
});
```

However, if I follow the instructions in the warning and swap o.KnownNetworks.Clear() to o.KnownIPNetworks.Clear():

```csharp
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
  o.ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedFor;
  o.KnownIPNetworks.Clear();
  o.KnownProxies.Clear();
});
```

Then this breaks my OIDC auth flow because the callback URL is incorrectly set as http://mywebsite.com/signin-microsoft instead of https://mywebsite.com/signin-microsoft (note HTTP scheme).

Here is the auth code:

```csharp
builder.Services
  .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
  .AddCookie()
  .AddOpenIdConnect("Microsoft", o =>
  {
    o.ClientId = builder.Configuration["MicrosoftClientId"];
    o.ClientSecret = builder.Configuration["MicrosoftClientSecret"];
    o.Authority = "https://login.microsoftonline.com/organizations/v2.0";
    o.CallbackPath = "/signin-microsoft";
    o.ResponseType = OpenIdConnectResponseType.Code;
  });
```

.NET version: 10.0.100-rc.1.25451.107
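
One way to confirm whether the middleware accepted or ignored `X-Forwarded-Proto` for a given request, as an added example that is not part of the original issue or of ASP.NET Core itself. It assumes a `Microsoft.NET.Sdk.Web` project with implicit usings; the log messages and the `/` route are constructed for illustration.

```csharp
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// Same configuration as in the issue.
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
    o.ForwardedHeaders = ForwardedHeaders.XForwardedProto
        | ForwardedHeaders.XForwardedHost
        | ForwardedHeaders.XForwardedFor;
    o.KnownIPNetworks.Clear();
    o.KnownProxies.Clear();
});

var app = builder.Build();

// Log the effective trust lists once at startup, after all Configure callbacks ran.
var fh = app.Services.GetRequiredService<IOptions<ForwardedHeadersOptions>>().Value;
app.Logger.LogInformation(
    "ForwardedHeaders={Flags} KnownIPNetworks=[{Networks}] KnownProxies=[{Proxies}]",
    fh.ForwardedHeaders,
    string.Join(", ", fh.KnownIPNetworks),
    string.Join(", ", fh.KnownProxies));

app.UseForwardedHeaders();

// Hypothetical diagnostic middleware; it must run after UseForwardedHeaders.
// When the middleware applies a forwarded value it removes that entry from
// X-Forwarded-Proto and records the previous scheme in X-Original-Proto.
app.Use(async (ctx, next) =>
{
    var original = ctx.Request.Headers["X-Original-Proto"].ToString();
    var leftover = ctx.Request.Headers["X-Forwarded-Proto"].ToString();
    if (original.Length > 0)
        // Applied. Leftover entries here only mean ForwardLimit was reached.
        app.Logger.LogInformation("Forwarded proto applied: {Original} -> {Scheme}",
            original, ctx.Request.Scheme);
    else if (leftover.Length > 0)
        // Header was sent but not consumed: the sender failed the trust check.
        app.Logger.LogWarning(
            "X-Forwarded-Proto={Leftover} ignored: scheme={Scheme} remote={Remote}",
            leftover, ctx.Request.Scheme, ctx.Connection.RemoteIpAddress);
    await next(ctx);
});

// The scheme and host that redirect URIs such as /signin-microsoft are built from.
app.MapGet("/", (HttpContext ctx) => $"{ctx.Request.Scheme}://{ctx.Request.Host}");
app.Run();
```

With both lists empty the middleware accepts these headers from any client that can reach the app, so this configuration relies on the container being reachable only through the App Service front end.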

Labels: area-networking (Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions)