ASP.NET Core Razor Pages behind AWS API Gateway returning 400 on login POST and incorrect redirect behavior
09:51 12 May 2026

I have an ASP.NET Core 8 Razor Pages application running inside Docker containers behind AWS API Gateway.

The application works correctly when accessed through an EC2, but when accessed through API Gateway I have several issues related to authentication and redirects.

I suspect the problem is related to forwarded headers, cookies, antiforgery token, or API Gateway proxy behavior.

Current forwarded headers configuration:

builder.Services.Configure(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor |
        ForwardedHeaders.XForwardedProto |
        ForwardedHeaders.XForwardedHost;

    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

app.UseForwardedHeaders();

Cookie/session configuration:

builder.Services.Configure(options =>
{
    options.CheckConsentNeeded = context => false;
    options.MinimumSameSitePolicy = SameSiteMode.Lax;
    options.HttpOnly = HttpOnlyPolicy.Always;
    options.Secure = CookieSecurePolicy.SameAsRequest;
});

builder.Services.AddSession(options =>
{
    options.IdleTimeout = TimeSpan.FromHours(24);
    options.Cookie.HttpOnly = true;
    options.Cookie.IsEssential = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
});

There are a few logs that may help to understand the inconsistent behaviour.

[WRN] Failed to determine the https port for redirect. 
[INF] AuthenticationScheme: Cookies was challenged.
[INF] [DEBUG] Scheme: http, URL: http:some-aws-url:8085/authentication/login2026-05-08

Notice that when dumping the HttpContext request Scheme and URL i get http and http://some-aws-url:8085 which contains some-aws-url (probbably the api gateway url) and a port.

Now it starts to get really weird because that port is not actually the port which my container runs and the url also isn't the public DNS used to access the application, the scheme that my application receives is also http, when actually it is running on https.

Because of that, no automatic redirection, such as going from /index to /authentication/login works. (I can still go to /authentication/login but only after manually typing the url). POST action never reaches the Razor Page handler and browser receives HTTP 400 before entering controller/page handler.

Any ideas on what is causing this behaviour? Already spent two days and couldn't find anything usefull.

Also, the faulty aws is not our own, so it's kinda hard to make any changes before we test anything.

c# asp.net asp.net-mvc amazon-web-services