Facebook Login recommending to require HTTPS - How to Configure HTTP redirect URL for Facebook Login in ASP.NET MVC?

独厮守ぢ 2021-01-13 00:16

Facebook is recommending that I use a HTTPS redirect URL, instead of HTTP. I've been trying to find a way to configure it to generate a HTTPS URL, at the moment it's gene

1 answer
  • 2021-01-13 00:39

    Thanks to help from Chris Ross at Microsoft, I was able to get an answer to this question by raising the issue on GitHub.

    It appears that the Microsoft.Owin.Security NuGet package generates the request_uri that it instructs Facebook to use based on the current request context.

    In my case, I was running all of my servers over HTTP (not HTTPS) and the load balancer was handling all of the HTTPS stuff for me, i.e. the load balancer was severing the SSL connection.

    The way to ensure that the package generates a HTTPS is to employ middleware in the OwinStart Configuration method that is based on the x-forwarded-proto header that is forwarded from the load balancer, like so:

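    // Registered first so the cookie and Facebook middleware see the rewritten scheme.
    app.Use((context, next) =>
    {
      // x-forwarded-proto carries the scheme of the original client request.
      if (context.Request.Headers["x-forwarded-proto"] == "https")
      {
        context.Request.Scheme = "https";
      }
      return next();
    });
    // Use Cookies
    // Use Facebook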
    

    So my OwinStart looks like this now:

    using System.Configuration;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.Facebook;
    using Owin;

    public class OwinStart
    {
        public void Configuration(IAppBuilder app)
        {
            // Must come before the authentication middleware: the redirect URL
            // sent to Facebook is built from the request scheme seen at that point.
            app.Use((context, next) =>
            {
                if (context.Request.Headers["x-forwarded-proto"] == "https")
                {
                  context.Request.Scheme = "https";
                }
                return next();
            });

            app.UseCookieAuthentication(new CookieAuthenticationOptions()
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Welcome")
            });

            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Configure Facebook authentication
            app.UseFacebookAuthentication(new FacebookAuthenticationOptions
            {
                AppId = ConfigurationManager.AppSettings["FacebookAppId"],
                AppSecret = ConfigurationManager.AppSettings["FacebookAppSecret"]
            });
        }
    }
    
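The middleware in the answer accepts x-forwarded-proto from any sender, which is only safe when the load balancer is the sole path to the app servers and overwrites the header itself. The following added example (not part of the original answer or of Microsoft.Owin) applies the header only when the connection comes from a known proxy address. The names `ForwardedProtoExtensions`, `ResolveScheme` and `UseTrustedForwardedProto` and the address `10.0.0.5` are assumptions made for illustration, and it assumes the load balancer connects directly to the app server so that `RemoteIpAddress` is the balancer's address.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using Owin;

// Hypothetical helper, added for illustration.
public static class ForwardedProtoExtensions
{
    // Returns the scheme the rest of the pipeline should see.
    public static string ResolveScheme(string remoteIp, string forwardedProto,
                                       string currentScheme, ISet<IPAddress> trustedProxies)
    {
        IPAddress peer;
        if (!IPAddress.TryParse(remoteIp ?? "", out peer)) return currentScheme;
        if (peer.IsIPv4MappedToIPv6) peer = peer.MapToIPv4();

        // A header sent by anything other than the load balancer is client-controlled.
        if (!trustedProxies.Contains(peer)) return currentScheme;

        string proto = (forwardedProto ?? "").Trim();
        if (proto.Equals("https", StringComparison.OrdinalIgnoreCase)) return "https";
        if (proto.Equals("http", StringComparison.OrdinalIgnoreCase)) return "http";
        return currentScheme; // header missing or not a recognized scheme
    }

    public static IAppBuilder UseTrustedForwardedProto(this IAppBuilder app,
                                                       params string[] trustedProxyIps)
    {
        var trusted = new HashSet<IPAddress>(trustedProxyIps.Select(ip => IPAddress.Parse(ip)));
        return app.Use((context, next) =>
        {
            context.Request.Scheme = ResolveScheme(
                context.Request.RemoteIpAddress,
                context.Request.Headers.Get("X-Forwarded-Proto"),
                context.Request.Scheme,
                trusted);
            return next();
        });
    }
}

// In OwinStart.Configuration, before the cookie and Facebook middleware:
//   app.UseTrustedForwardedProto("10.0.0.5"); // constructed address; use the load balancer's
```

A request arriving from an address outside the trusted set keeps whatever scheme the server observed, so a forged header cannot change the URL the Facebook middleware builds.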