This problem is occurring because your application is issuing a redirect to an absolute URL. You can fix this in one of two ways, in the load balancer or in the application itself.
Load Balancer
Configure your load balancer to rewrite redirect responses from http to https. If you were using ARR, the following rule (taken from here) should work:
    <!-- Rewrites the Location header of redirect responses from http to https -->
    <rule name="forum-redirect" preCondition="IsRedirection" enabled="true">
        <match serverVariable="RESPONSE_LOCATION" pattern="^http://[^/]+/(.*)" />
        <conditions>
            <add input="{ORIGINAL_HOST}" pattern=".+" />
        </conditions>
        <action type="Rewrite" value="https://{ORIGINAL_HOST}/{R:1}" />
    </rule>
Other load balancers will require similar configuration.
Application
We can replace the URL that OWIN redirects to in the authorization process with a relative URL, which means the protocol will stay as whatever the browser was previously using.
It took a bit of digging in the OWIN source to find how to do this, but the following change to your application startup should solve your problems. First, extract the CookieAuthenticationProvider initialisation from your startup config.
Change:
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            // Move these options in the step below...
        }
    });
To:
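    // Namespaces used: System, Microsoft.AspNet.Identity, Microsoft.Owin,
    // Microsoft.Owin.Security.Cookies, Owin
    var cookieProvider = new CookieAuthenticationProvider
    {
        // ... Options from your existing application
    };

    // Modify redirect behaviour to convert login URL to relative
    var applyRedirect = cookieProvider.OnApplyRedirect; // keep the default handler
    cookieProvider.OnApplyRedirect = context =>
    {
        // Only touch redirects that point back at this host over plain http
        if (context.RedirectUri.StartsWith("http://" + context.Request.Host,
                StringComparison.OrdinalIgnoreCase))
        {
            // Drop scheme and host: keep everything from the first '/' after "http://"
            context.RedirectUri = context.RedirectUri.Substring(
                context.RedirectUri.IndexOf('/', "http://".Length));
        }
        applyRedirect(context); // let the default handler issue the redirect
    };

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = cookieProvider
    });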
While we can't get at where the redirection rule is set easily, OWIN uses a delegate to perform the actual redirect. What I've done here is stored that delegate, modified the URL it is about to be given, and then called it again.
With this option, ensure that any other redirects and links within your site are relative.
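The same conversion done with Uri parsing rather than string offsets, as an added example that is not part of the original answer or of OWIN itself. LoginRedirect, ToRelative and the example.test URLs are assumed names and constructed samples; it goes beyond the answer in that it compares the full host and port, also accepts https, and keeps the absolute URL if the relative form would start with two slashes.

```csharp
using System;

// Hypothetical helper (not an OWIN API): converts the login redirect to a
// relative URL only when it points at the host the request arrived on.
public static class LoginRedirect
{
    // requestHost: the value of context.Request.Host.Value, e.g. "example.test:8080".
    public static string ToRelative(string redirectUri, string requestHost)
    {
        Uri uri;
        if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out uri))
            return redirectUri; // already relative, nothing to do

        bool isWeb = uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps;
        // Uri.Authority is the host plus any non-default port, so a longer host
        // name that merely starts with requestHost does not match.
        if (!isWeb || !string.Equals(uri.Authority, requestHost, StringComparison.OrdinalIgnoreCase))
            return redirectUri;

        string relative = uri.PathAndQuery + uri.Fragment;
        // Browsers read a leading "//" as a different host, so keep the
        // absolute form rather than emit such a value.
        if (relative.StartsWith("//", StringComparison.Ordinal))
            return redirectUri;

        return relative;
    }

    public static void Main()
    {
        // Constructed sample inputs; the request host is example.test.
        string[] samples =
        {
            "http://example.test/Account/Login?ReturnUrl=%2FHome",
            "https://example.test/Account/Login",
            "http://example.test.other.test/Account/Login",
            "/Account/Login"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, ToRelative(s, "example.test"));
    }
}
```

To use it in the startup code above, the body of the OnApplyRedirect handler would set context.RedirectUri = LoginRedirect.ToRelative(context.RedirectUri, context.Request.Host.Value) and then call applyRedirect(context).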