Enforcing HTTPS redirection in .NET applications using SSO

Article ID: 297705

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Here we describe some ways to help .NET applications use the HTTPS protocol for their redirect URLs.

Environment


Cause

A .NET application may fail to recognize that a request was made over HTTPS, for example when TLS is terminated at the gorouter, so the redirect URLs it generates use "http". A common symptom of this problem is that the redirect lands on an "http" URL, and manually changing it in the browser from "http" to "https" makes it work.

Resolution

For ASP.NET Core Applications:

Use this in Startup.Configure:
```csharp
// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Place this before any middleware that reads Request.Scheme
// (redirects, authentication, HSTS), so they see the original scheme.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    // Apply only the X-Forwarded-Proto header sent by the reverse proxy.
    ForwardedHeaders = ForwardedHeaders.XForwardedProto
});
```

This code tells the application to use the protocol of the request as it was before reaching the reverse proxy, as specified in the X-Forwarded-Proto HTTP header. When TLS is terminated at the reverse proxy, this change causes the application to generate redirect URLs with the secure protocol used in the original request, instead of the insecure HTTP protocol the request used when it reached the application.
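As an added example (not code from the article or from Tanzu Application Service), the following minimal ASP.NET Core app wires up the same middleware and also addresses a detail that often makes the snippet above appear not to work: by default the forwarded-headers middleware only trusts loopback proxies, so headers from a non-loopback proxy such as the gorouter are ignored unless its network is added. It assumes .NET 6+ minimal hosting; the 10.0.0.0/8 range and the /login and /signin-callback paths are placeholders.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

var forwardedOptions = new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto,
    // Only honour the header value set by the nearest proxy hop.
    ForwardLimit = 1,
};

// By default KnownNetworks/KnownProxies contain only loopback addresses, so
// a TLS-terminating front proxy on another address is not trusted and
// Request.Scheme stays "http". Trust a specific proxy range rather than
// clearing the lists and accepting the header from any client.
forwardedOptions.KnownNetworks.Clear();
forwardedOptions.KnownProxies.Clear();
// Placeholder proxy source range (assumption); use the real router range.
forwardedOptions.KnownNetworks.Add(
    new IPNetwork(System.Net.IPAddress.Parse("10.0.0.0"), 8));

// Must run before anything that reads Request.Scheme (redirects, auth, HSTS).
app.UseForwardedHeaders(forwardedOptions);

// Builds an absolute redirect from the scheme the client actually used, so
// a client that arrived over https is redirected to an https URL.
app.MapGet("/login", (HttpContext ctx) =>
{
    var callback = $"{ctx.Request.Scheme}://{ctx.Request.Host}/signin-callback";
    return Results.Redirect(callback);
});

app.Run();
```

Without the KnownNetworks entry, a request carrying X-Forwarded-Proto: https from the proxy still yields an http Location header, which is the symptom described under Cause.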

Additional Information

This article from Microsoft highlights other approaches that developers may find helpful:

https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio

Steeltoe also has a useful toolkit for .NET apps:

https://steeltoe.io/docs/steeltoe-security/#1-2-4-add-cloud-foundry-oauth