I have a load balancing environment on AWS powered by Elastic Beanstalk. The SSL certificate is applied on the load balancer. To force HTTPS redirects, I have followed the accepted answer in this post: Redirect to https through url rewrite in IIS within elastic beanstalk's load balancer. These are the exact lines of code which I have written in web.config:
<rules>
  <rule name="Force Https" stopProcessing="true">
    <!-- Leave the ELB health check reachable over plain HTTP -->
    <match url="^healthcheck.html$" negate="true" />
    <conditions>
      <!-- Only redirect when the ELB reports the client did not use HTTPS -->
      <add input="{HTTP_X_FORWARDED_PROTO}" pattern="https" negate="true" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
  </rule>
</rules>
This is working perfectly for everything else apart from external logins. Whenever I try to log in from external providers, it gives an HTTP 500 error. If I remove these lines, then logins are working perfectly both on localhost and on AWS. Kindly help me get a solution so that I am able to force HTTPS redirects and successfully get external logins.
Another thing worth mentioning is that without forced redirects, external providers redirect to the http version of the site, even when I request from the https version.
Update: The exact code I am using for Facebook login is as below:
app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
    AppId = "xxx", // production values
    AppSecret = "xxx",
    BackchannelHttpHandler = new FacebookBackChannelHandler(),
    UserInformationEndpoint = "https://graph.facebook.com/v2.7/me?fields=id,name,email,first_name,last_name",
    Scope = { "email" },
    Provider = new FacebookAuthenticationProvider
    {
        OnAuthenticated = context =>
        {
            context.Identity.AddClaim(new Claim("FacebookAccessToken", context.AccessToken));
            return Task.FromResult(true);
        },
        OnApplyRedirect = OnApplyRedirectHttps
    }
});
Your application is running into an issue where it thinks it's using HTTP, but in reality it's using HTTPS. This is due to the HTTPS-to-HTTP connection-swap that's happening from the ELB.
So, whenever your app is using the request URL, you need to look at the X-Forwarded-Proto header. This header will tell your application whether HTTP or HTTPS was used to connect to the ELB.
Source: http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/x-forwarded-headers.html
As part of the external login redirect (to Facebook, Twitter, etc.), your app will very often attach a return URL. You need to ensure that URL is using HTTPS rather than HTTP.
Query the X-Forwarded-Proto header to determine which is used and ensure your return URL has the proper protocol. This is going to become a common theme in your app. Just get used to doing it this way.
Update: For example, as per this SO article: change facebook redirect_uri web api, you will want to put the following code at the start of your Startup.Auth.cs file:
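Added example, not the answer's or the asker's code: an OWIN/Katana middleware for Startup.Auth.cs that reads the X-Forwarded-Proto header the answer describes and sets Request.Scheme accordingly, so the Facebook middleware registered after it builds an https redirect_uri. The names ForwardedProtoMiddleware, IsForwardedHttps and UseForwardedProto are assumed; it also handles the comma-separated form the header takes when more than one proxy is in the path.

```csharp
// Added example (not the answer's or the asker's code). Assumes an OWIN/Katana
// ASP.NET app behind an AWS ELB that terminates TLS and forwards plain HTTP.
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

public static class ForwardedProtoMiddleware // hypothetical name
{
    // True only when the load balancer reports the client connected over HTTPS.
    // If several proxies appended values ("https,http"), the first one is the
    // scheme the original client used.
    public static bool IsForwardedHttps(string headerValue)
    {
        if (string.IsNullOrWhiteSpace(headerValue)) return false;
        string first = headerValue.Split(',')[0].Trim();
        return string.Equals(first, "https", StringComparison.OrdinalIgnoreCase);
    }

    // Register this BEFORE app.UseFacebookAuthentication(...) so the auth
    // middleware sees Request.Scheme == "https" and therefore builds an
    // https://... redirect_uri for Facebook instead of an http:// one.
    // Trust the header only when instances accept traffic solely from the ELB
    // (e.g. via the security group); a client reaching an instance directly
    // could set X-Forwarded-Proto itself.
    public static IAppBuilder UseForwardedProto(this IAppBuilder app)
    {
        return app.Use(async (IOwinContext ctx, Func<Task> next) =>
        {
            if (IsForwardedHttps(ctx.Request.Headers["X-Forwarded-Proto"]))
            {
                ctx.Request.Scheme = "https";
            }
            await next();
        });
    }
}

// Usage in Startup.Auth.cs, before the existing UseFacebookAuthentication call:
//   app.UseForwardedProto();
```

With the scheme corrected at the request level, every URL the app derives from the request (return URLs, cookie paths, generated links) agrees with what the client actually used, not just the Facebook redirect.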