.net core 2.0 cookie authentication getting stuck in infinite redirect loop when trying to access over https

痴心易碎 submitted on 2019-12-11 23:24:27

Question


I have just moved my code to our QA environment, which uses https, and what was working in Dev is not working in QA because the browser gets stuck in an infinite redirect loop. Our load balancer forces https, so when the login redirect happens from code, which for some reason is trying to redirect to http instead of https, the load balancer is stopping it and adding https again, which causes the infinite loop. The question I have is why is this code not just redirecting to https? The path is relative in the ConfigureServices() method. I've looked at it in Fiddler, and it is indeed adding the FQDN for the redirect with http instead of https.

Is there some property I need to add to options here to allow https redirects?

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Account/LogIn";
                options.LogoutPath = "/Account/LogOff";
            });
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseAuthentication();
    }

Thanks.


Answer 1:


We just use:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        // ... settings and logging initialization

        // Overwrite the request scheme so every later middleware sees https.
        app.Use((context, next) =>
        {
            context.Request.Scheme = "https";
            return next();
        });

        // ... all the rest of the middleware calls
    }

and it helps in most situations under OWIN and .NET Core up to 2.0.




Answer 2:


Based on @Programmer's suggestion in the comments to the OP, I took a look at this: https://codeopinion.com/configuring-asp-net-core-behind-a-load-balancer/ It describes my situation exactly (SSL termination at the load balancer and the .NET Core 2.0 app redirecting to http for login). I then tried making the request through the LB with the header the article suggests and adding this piece of code in the Configure() method of the Startup class:

    app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedProto });

What was interesting is that when I made a request including the proto header:

    X-Forwarded-Proto:https

from outside the LB, it passed that header through to the app and it worked great, no more infinite redirect loop. However, when our infrastructure guys added that header to the request that the LB makes to the internal nodes behind the LB, I was getting a redirect to https, yay, but it was also prepending the IP address to the redirect URL (we have a NetScaler LB). Apparently by default when you add a custom header, there's a checkbox to include the IP to the internal node and that had to be unchecked. After that was done, we're in business.

Thanks again @Programmer for your help. You definitely pointed me in the right direction.
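
A stricter form of the forwarded-headers setup discussed in this answer, as an added example that is not part of the original answer or the linked article: it honours X-Forwarded-Proto only on connections that come from the load balancer, and marks the auth cookie Secure. The address 10.0.0.10 is a constructed placeholder for the load balancer's internal address, and the load balancer is assumed to set the header itself rather than pass through a client-supplied value.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Only the scheme is needed to stop the http:// login redirect.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;

            // Trust the header only when the TCP peer is the load balancer.
            // Requests that reach a node directly keep their real scheme.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(IPAddress.Parse("10.0.0.10")); // placeholder LB address (assumption)
            options.ForwardLimit = 1; // one proxy hop in front of the app
        });

        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Account/LogIn";
                options.LogoutPath = "/Account/LogOff";
                // The site is only served over https, so never issue the cookie without Secure.
                options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            });
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Must run before any middleware that reads Request.Scheme,
        // including the cookie handler that builds the login redirect.
        app.UseForwardedHeaders();
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```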




Answer 3:


For .NET Core 2.1 and up with Azure authentication, try this code.

    // The type argument names the options class being configured
    // for the Azure AD cookie scheme.
    services.Configure<CookieAuthenticationOptions>(AzureADDefaults.CookieScheme, options =>
    {
        options.Cookie.SameSite = SameSiteMode.None;
    });

    services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
        .AddAzureAD(options => Configuration.Bind("AzureAd", options));


Source: https://stackoverflow.com/questions/50820414/net-core-2-0-cookie-authentication-getting-stuck-in-infinite-redirect-loop-when
