I have a load balancing environment on AWS powered by Elastic Beanstalk. The SSL certificate is applied on the load balancer. To force https redirects, i have followed the accepted answer in this post Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer. These are the exact lines of code which i have written in web.config

<rules>
<rule name="Force Https" stopProcessing="true">
  <match url="^healthcheck.html$" negate="true" />
  <conditions>
    <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>

This is working perfectly for everything else apart from external logins. Whenever i try to login from external providers, it gives HTTP 500 error. If i remove these lines, then logins are working perfectly both on localhost and on AWS. Kindly help me get a solution so that i am able to force HTTPS redirects and successfully get external logins.

Another thing worth mentioning is that without forced redirects, external providers redirect to http version of the site, even when i request from the https version.

Update The exact code i am using for facebook login is as below

app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = "xxx",                      // production values
            AppSecret = "xxx",

            BackchannelHttpHandler = new FacebookBackChannelHandler(),
            UserInformationEndpoint = "https://graph.facebook.com/v2.7/me?fields=id,name,email,first_name,last_name",
            Scope = { "email" },
            Provider = new FacebookAuthenticationProvider
            {
                OnAuthenticated = context =>
                {
                    context.Identity.AddClaim(new Claim("FacebookAccessToken", context.AccessToken));
                    return Task.FromResult(true);
                },
                OnApplyRedirect = OnApplyRedirectHttps
            }
        });

Your application is running into an issue where it thinks it's using HTTP, but in reality it's using HTTPS. This is due to the HTTPS-to-HTTP connection-swap that's happening from the ELB.

So, whenever your app is using the request URL, you need to look at the X-Forwarded-Proto header.

This header will tell your application whether HTTP or HTTPS was used to connect to the ELB.

Source: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html

As part of the external login redirect (to Facebook, Twitter, etc.), your app will very often attach a return URL. You need to ensure that URL is using HTTPS rather than HTTP.

Query the X-Forwarded-Proto header to determine which is used and ensure your return URL has the proper protocol.

This is going to become a common theme in your app. Just get used to doing it this way.

Update:

For example, as per this SO article:

change facebook redirect_uri web api

you will want to put the following code at the start of your Startup.Auth.cs file:

app.Use((context, next) =>
{
  context.Request.Scheme = "https";
  return next();
});