Program.cs

// Removed for brevity
builder.Services.AddAuthentication(...);

// Configure load balancer headers for MS Identity
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, o =>
{
    o.Events = new OpenIdConnectEvents
    {
        // Override the redirect URI
        OnRedirectToIdentityProvider = (context) =>
        {
            if (context.Request.Headers.ContainsKey("X-Forwarded-Host"))
            {
                context.ProtocolMessage.RedirectUri = $"https://{context.Request.Headers["X-Forwarded-Host"]}{builder.Configuration.GetSection("AzureAd").GetValue<string>("CallbackPath")}";
            }

            return Task.FromResult(0);
        }
    };
});

// Configure forwarding headers
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
    o.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    o.KnownNetworks.Clear();
    o.KnownProxies.Clear();
});


// Below the following line...
var app = builder.Build();

// Add this before app.UseAuthentication()
app.UseForwardedHeaders();