diff --git a/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs b/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs
index b4d4cbef88..2f650f0971 100644
--- a/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs
+++ b/src/Security/Authentication/Core/src/RemoteAuthenticationHandler.cs
@@ -276,7 +276,7 @@ namespace Microsoft.AspNetCore.Authentication
 {
 uri = QueryHelpers.AddQueryString(uri, context.ReturnUrlParameter, context.ReturnUrl);
 }
- Response.Redirect(uri);
+ Response.Redirect(BuildRedirectUri(uri));
 return HandleRequestResult.Handle();
 }
diff --git a/src/Security/Authentication/test/GoogleTests.cs b/src/Security/Authentication/test/GoogleTests.cs
index 473f669c65..98e001d7d4 100644
--- a/src/Security/Authentication/test/GoogleTests.cs
+++ b/src/Security/Authentication/test/GoogleTests.cs
@@ -417,7 +417,7 @@ namespace Microsoft.AspNetCore.Authentication.Google
 var transaction = await server.SendAsync("https://example.com/signin-google?error=access_denied&error_description=SoBad&error_uri=foobar&state=protected_state", ".AspNetCore.Correlation.Google.correlationId=N");
 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- Assert.Equal("/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());
+ Assert.Equal("https://example.com/custom-denied-page?rurl=http%3A%2F%2Fwww.google.com%2F", transaction.Response.Headers.GetValues("Location").First());
 }
 [Fact]
diff --git a/src/Security/Authentication/test/OAuthTests.cs b/src/Security/Authentication/test/OAuthTests.cs
index 838798ceaf..1a8e6bb4f2 100644
--- a/src/Security/Authentication/test/OAuthTests.cs
+++ b/src/Security/Authentication/test/OAuthTests.cs
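Review bot: The Location value written by `Response.Redirect(BuildRedirectUri(uri))` is now an absolute URL, and BuildRedirectUri is not defined in this hunk; if it is the base-handler helper that concatenates the current request's scheme, host and original path base, the redirect target is derived from the incoming Host header rather than from configuration. Behind a reverse proxy, or where host filtering is not enabled, that value is client-influenced and the access-denied redirect can carry the wrong scheme or an unexpected host. I would record the dependency at the call site, e.g. `// Absolute URL is built from the current request's scheme/host/path base; relies on forwarded-headers and host filtering being configured`. The enclosing method starts and ends outside the hunk.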
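Review bot: The updated expectation in GoogleTests, like the matching ones in the OAuthTests and TwitterTests hunks, only covers a request at the site root with the test server's default host, so the new prefixing is never checked with a non-empty path base. A case that configures a path base and asserts it appears exactly once in the Location value (constructed example: `https://example.com/base/custom-denied-page?...`) would pin the behaviour the handler change introduces. The test methods begin outside these hunks, so the server setup is not visible here and may already allow this.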
@@ -274,7 +274,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth
 ".AspNetCore.Correlation.Weblie.correlationId=N");
 Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
- Assert.Equal("/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());
+ Assert.Equal("https://www.example.com/access-denied?ReturnUrl=http%3A%2F%2Ftesthost%2Fredirect", transaction.Response.Headers.Location.ToString());
 }
 [Fact]
diff --git a/src/Security/Authentication/test/TwitterTests.cs b/src/Security/Authentication/test/TwitterTests.cs
index 8eb7a5cd7d..7d028396d2 100644
--- a/src/Security/Authentication/test/TwitterTests.cs
+++ b/src/Security/Authentication/test/TwitterTests.cs
@@ -211,7 +211,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter
 var response = await client.SendAsync(request);
 Assert.Equal(HttpStatusCode.Redirect, response.StatusCode);
- Assert.Equal("/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
+ Assert.Equal("http://localhost/access-denied?ReturnUrl=%2Fchallenge", response.Headers.Location.ToString());
 }
 [Fact]