stackoom
  简体   繁体   中英

Redirect URI sent as HTTP and not HTTPS in app running HTTPS

 原文  2018-05-22 12:42:57       c#/ oauth/ asp.net-core-mvc/ identityserver4

Question

I have an Asp .net core MVC app. Which connects to an Identity Server 4 for authentication. Hosted in a docker swarm

MVC app is hosted on https://XXXXXXX

ConfigurServies

services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
             .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                //options.DataProtectionProvider = DataProtectionProvider.Create(new DirectoryInfo(@"C:\temp-keys\"));
                // when the identity has been created from the data we receive,
                // persist it with this authentication scheme, hence in a cookie
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                // Identity server endpoint
                options.Authority = settingsSetup.IdentityServerEndpoint;

                // Client id to login with
                options.ClientId = settingsSetup.ClientId;
                // Client secret.
                options.ClientSecret = settingsSetup.Secret;

                // Scope of our API
                options.Scope.Add("testapi");
                options.Scope.Add("devconsole");
                // adding offline_access to get a refresh token
                options.Scope.Add("offline_access");

                options.ResponseType = "code id_token";
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
            });

When I try to run the app I get a redirect uri miss match error.

Invalid redirect_uri: http://developerconsole.XXXXX.io/signin-oidc
{
  "ClientId": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
  "ClientName": "Developer Console",
  "AllowedRedirectUris": [
    "http://localhost:55000/signin-oidc",
    "http://localhost:55000/auth.html",
    "http://localhost:55000/auth-silent.html"
    "https://developerconsole.XXXXX.io/signin-oidc"
  ],
  "SubjectId": "21379983",
  "RequestedScopes": "",
  "Raw": {
    "client_id": "BB1D2DA8-D7E4-4AF5-94FA-19EAD6B7D711.apps.XXXXX.biz",
    "redirect_uri": "http://developerconsole.XXXXX.io/signin-oidc",
    "response_type": "code id_token",
    "scope": "openid profile testapi devconsole offline_access",
    "response_mode": "form_post",
    "nonce": "636625889658410682.MjNlMmQwNjgtZmY0MC00MmVkLWFiNmMtN2M2YmQ5YTM5ZTQ3NjFiYzI2ZjktZWM0Yi00NDk3LTk1ZWMtNjJkYjViMDYwMTJm",
    "state": "CfDJ8Pwa8A3ipXlKtuyxNMpMxAz5QUFmdSunRKdlKS9sS390AKp8gIUZShQUMMCkFAhYLytitgsXUBgwlQDJaJvtHFqzHygLCPwS8Jab6IJzhpry90qS51E1y_eRlppamRDOzYDZ6fcDFzWV1U43BTP2B6pnPTSLNcZRaooyGBXtNokeUqOJ--u-_MOQB8Bw3n2cRyV4kisHNkslD1Gsi2wn1Cx6aTVlqzw_pxHelAXm1P8FyDJpD7G0azFgKgpQF0DRJtC5penRJQzHIHvQN8v4ECGeuSD1zlyfJYClLO2r6kY_R2OYqtBkV0r_SNc9h7xUYmnVaHKQzYqVc_mJO4iLLSMTZrBUICZWR8c4PZw0Os3N",
    "x-client-SKU": "ID_NET",
    "x-client-ver": "2.1.4.0"
  }
}

The error is coming because i have "https://developerconsole.XXXXX.io/signin-oidc" as a redirect uri and not "http://developerconsole.XXXXX.io/signin-oidc" I dont want to add HTTP redirect uris.

Why is my app building the redirect uri has http and not https?

If i do add the HTTP on i am getting an annoying Correlation error. which i think is due to the fact that its being returned by the server as https since the server automatically converts http to https.

An unhandled exception occurred while processing the request. Exception: Correlation failed. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext()

Stack Query Cookies Headers Exception: Correlation failed. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler+d__12.MoveNext() System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Authentication.AuthenticationMiddleware+d__6.MoveNext() System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware+d__7.MoveNext()

I probably dont need to mention this works fine on localhost:/

4 answers

solution1
 11 ACCPTED  2018-05-24 09:11:01

The solution was quite simple. By setting UseForwardedHeaders it now sends all the requests as HTTPS. 

app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto
        });

Correlation failed.

is now fixed and i no longer need to have a http and https redirect uris.

solution2
 1  2022-10-07 18:39:10

ASP.NET core documentation says if the forwarded headers are not working add this middleware 

app.Use((context, next) =>
{
    context.Request.Scheme = "https";
    return next(context);
});

Refer to the Scenarios and User cases section of - https://learn.microsoft.com/en-us/as.net/core/host-and-deploy/proxy-load-balancer?view=as.netcore-6.0

solution3
 0  2018-05-25 04:06:51

only add this code to your web.config file and of course change.com with your website , anyone enter the URL in the browser direct Redirect URI from HTTP to HTTPS. 

<system.webServer>
    <rewrite>
      <rules>
        <rule name="IP Hit" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="http://www.exemple.com" />
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://www.exemple.com/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
    <urlCompression doDynamicCompression="true" doStaticCompression="true" dynamicCompressionBeforeCache="true" />
    <staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365:00:00" />
    </staticContent>
 <system.webServer>

solution4
 0  2022-01-12 12:19:57

Ubuntu 18, Nginx, .NetCore 3.1 it works like: 

app.UseForwardedHeaders(new ForwardedHeadersOptions
            {
                ForwardedHeaders = ForwardedHeaders.All
            });

/etc/nginx/nginx.conf

fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

/etc/nginx/sites-enabled/default or your web config file 

location / {

# under your configuration
    proxy_set_header X-Forwarded-Proto $scheme;
}

Then it started to redirect to https, and without nginx config i got error 503.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure Ad redirect Uri get http instead of https http to https redirect not working Proplem with redirect http to https Redirect HTTP to HTTPS for all pages http to https redirect on applicationwide scale Redirect website from http to https ASP.NET MVC External login redirect URi from http to https provided URI scheme'http' is invalid; expected 'https' Redirect loop during http:// to https:// redirect HTTPS Redirect Causing Error “Server cannot append header after HTTP headers have been sent”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM