0

We have an ASP.Net Core website and use AddAuthentication with AddCookie to redirect the user to the OAuth login provider when they are not logged in. We can provide a relative path to the login action with LoginPath. This has to be a relative path; a full path results in an exception. The problem is that our website is behind a load balancer. The traffic to the load balancer is https, but from there it becomes http to the web server. This causes the redirect url to be http, instead of https. How can we control the LoginPath to use https as the redirect?

Eric
  • 2,120
  • 1
  • 17
  • 34
  • Can you show your code where you are setting the `LoginPath`? – Gabriel Luci Jan 30 '19 at 02:34
  • The solution might be similar to what's [here](https://stackoverflow.com/a/30625668/1202807) (but that's not Core, so maybe not) – Gabriel Luci Jan 30 '19 at 02:34
  • There are two solutions [here](https://stackoverflow.com/questions/39206489/asp-net-core-cookieauthenticationoptions-loginpath-on-different-domain) (depends on your ASP.NET Core version) – Gabriel Luci Jan 30 '19 at 02:36

1 Answers1

0

I found the answer at the post recommended by @GabrielLuci.

ASP.NET Core CookieAuthenticationOptions.LoginPath on different domain

services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie(o =>
{
    o.Cookie.Name = "myCookie";
    o.Events = new CookieAuthenticationEvents()
    {
        OnRedirectToLogin = (context) =>
        {
            context.HttpContext.Response.Redirect("https://externaldomain.com/login");
            return Task.CompletedTask;
        }
    };
});
Eric
  • 2,120
  • 1
  • 17
  • 34