I am creating an AspNetCore application with Google authentication. I am deploying this app behind an nginx reverse proxy on an Ubuntu server. Almost everything is working, but I am having trouble with the callback url.
In the Google developer console, I have http://localhost:5000/signin-google set as an authorized redirect URI. This works as expected and allows me to use Google authentication when running from my workstation.
For production, I have https://myserver/signin-google set as an authorized redirect URI. However, when I try to use it, I get an error from accounts.google.com that http://myserver/signin-google (notice the missing s) is not authorized. That's true; it shouldn't be authorized and my server doesn't even respond to port 80 requests.
How can I tell the authentication middleware that I need it to use HTTPS for the callback URL?
I finally figured it out.
Step 1: Make sure Nginx is sending the necessary forwarding headers, for example:
server {
# other stuff ...
location / {
# other stuff ...
proxy_set_header X-Forwarded-Proto $scheme;
# you could also just hardcode this to https if you only accept https
}
}
Step 2: By default, AspNetCore will ignore these headers. Install the middleware that processes it:
PM> Install-Package Microsoft.AspNetCore.HttpOverrides
Step 3: in your Configure function, apply the middleware.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedProto
});
This should correctly change the Context.Request.Scheme value to https, which will cause the authentication middleware to generate the correct redirect_uri.
来源:https://stackoverflow.com/questions/38153044/how-to-force-an-https-callback-using-microsoft-aspnetcore-authentication-google