Redirect from Http to Https on Owin + Oauth + Google Externallogin

Viewed 342 times

10

The host where my application is hosted uses ARR to redirect all pages to HTTPS.

The problem is that the ASP.NET MVC code sees the request as HTTP, even though it is HTTPS.

When I see the URL that goes to Google authentication is like this:

&redirect_uri=http%3A%2F%mydomain.com\signing-google

So I’m trying to redirect to Google by changing it to https by hand.

I’ve tried this:

 public class ChallengeResult : HttpUnauthorizedResult
{
   ...

    public override void ExecuteResult(ControllerContext context)
    {
        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        if (UserId != null)
            properties.Dictionary[XsrfKey] = UserId;

        var owin = context.HttpContext.GetOwinContext();

        owin.Request.Scheme = "https"; //hotfix

        owin.Authentication.Challenge(properties, LoginProvider);
    }
}

and this:

 app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
            {
                ClientId = Secrets.GoogleClientId,
                ClientSecret = Secrets.GoogleClientSecret,
                Provider = new GoogleOAuth2AuthenticationProvider()
                {
                    OnApplyRedirect = async context =>
                    {
                        string redirect = context.RedirectUri;

                        redirect = redirect.Replace("redirect_uri=http", "redirect_uri=https");
                        context.Response.Redirect(redirect);
                    }
                }
            });

Both ways work and Google can redirect to my application again, but the moment I get the user data it returns null.

 public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl))
            returnUrl = "~/";

        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            // always returns null if I change http to https "by hand"
        }

I tried to look at the implementation of the method GetExternalLoginInfoAsync(), but I haven’t found why it always returns null when I apply that workaround.

  • Have you tried any of the solutions given in this reply? (note: link to SOEN)

  • Have you solved anything yet?

  • In my case, the only solution was to talk to the infra sector and change the ARR configuration. So I don’t know what to do with this question (since there was no solution).

2 answers

1

You can add JavaScript code to the head of your HTML page:

<script>
 function redirectHttpToHttps()
 {
    // Redirect only when the page was loaded over plain HTTP; without this
    // check the page would keep reloading itself once it is already on HTTPS.
    if (window.location.protocol !== "https:")
    {
        var httpURL = window.location.hostname + window.location.pathname + window.location.search;
        var httpsURL = "https://" + httpURL;
        window.location = httpsURL;
    }
 }
 redirectHttpToHttps();
</script>

  • But I think it’s best to set it up on IIS like Gypsy Morrison Mendez said

1

This should not be solved by code. This should be solved by IIS configuration.

The best way is to insert in your Web.config the following:

<configuration>
  ...
  <system.webServer>
    ...
    <rewrite>
      <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
    ...
  </system.webServer>
  ...
</configuration>

In my systems, I usually put this part in the transformation file (Web.Release.config):

<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  ...
  <system.webServer>
    ...
    <rewrite xdt:Transform="Insert">
      <rules>
        <clear />
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
    ...
  </system.webServer>
  ...
</configuration>
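
For the situation in the question, where ARR terminates TLS and the application sees every request as http, an alternative to rewriting only the outgoing redirect_uri is to correct the request scheme for every request, so the challenge and the Google callback agree. This is an added example, not code from the question or the answers. It assumes the proxy is configured to send an `X-Forwarded-Proto` header; the `TrustedProxies` addresses and the `UseForwardedScheme` name are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

public static class ForwardedSchemeExtensions
{
    // Assumption: addresses of the ARR server(s) that terminate TLS (placeholder values).
    private static readonly HashSet<string> TrustedProxies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "127.0.0.1", "::1" };

    // Assumption: the proxy sets this header on every request it forwards.
    private const string SchemeHeader = "X-Forwarded-Proto";

    // Decision logic kept separate from the pipeline so it can be unit tested.
    public static string ResolveScheme(string currentScheme, string remoteIp, string forwardedProto)
    {
        // Ignore the header unless the direct peer is a known proxy; otherwise
        // any client could claim that its plain-HTTP request arrived over HTTPS.
        if (remoteIp == null || !TrustedProxies.Contains(remoteIp))
            return currentScheme;

        var proto = (forwardedProto ?? string.Empty).Trim();

        return string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase)
            ? Uri.UriSchemeHttps
            : currentScheme;
    }

    // Register before UseCookieAuthentication / UseGoogleAuthentication so that
    // both the challenge and the callback request see the corrected scheme.
    public static IAppBuilder UseForwardedScheme(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            context.Request.Scheme = ResolveScheme(
                context.Request.Scheme,
                context.Request.RemoteIpAddress,
                context.Request.Headers.Get(SchemeHeader));

            await next();
        });
    }
}
```

Call `app.UseForwardedScheme();` as the first line of the OWIN `Configuration` method, and make sure the application is reachable only through the proxy so the header cannot be supplied by clients directly.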
