I was wondering if someone could give me a hand or point me in the right direction. I've set up Facebook social sign-in within my Web API 2 project and it works correctly. However, when I deploy it to production I have found that the redirect_uri is showing HTTP instead of HTTPS and this causes the service to crash.
What I wanted to know was firstly how the redirect_uri is constructed and whether there was any way of updating it.
The whole reason this is happening is because of our load balancer. The site is running under the HTTP protocol but the load balancer accepts HTTPS traffic and redirects it to HTTP. Unfortunately, I cannot update the load balancer, so I need to find a workaround.
I did try to intercept the redirect_uri in the ApplyRedirect method of IFacebookAuthenticationProvider and this successfully allowed me to change the redirect_uri from HTTP to HTTPS. However, when I did that I would get a flat error of access_denied once I had logged into Facebook and didn't know why this was occurring.
Could someone please help me get this implemented? Can I explicitly mark the redirect_uri and cookie set by Facebook to HTTPS?
This is my Facebook provider class:
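using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Facebook;

public class FacebookAuthProvider : IFacebookAuthenticationProvider
{
    // Called when the middleware is about to send the browser to Facebook.
    public void ApplyRedirect(FacebookApplyRedirectContext context)
    {
        // Rewrite the redirect_uri query parameter from http to https.
        string redirect_uri = context.RedirectUri;
        redirect_uri = redirect_uri.Replace("redirect_uri=http", "redirect_uri=https");
        context.Response.Redirect(redirect_uri);
    }

    // Called once Facebook has authenticated the user; keeps the access token as a claim.
    public Task Authenticated(FacebookAuthenticatedContext context)
    {
        context.Identity.AddClaim(new Claim("ExternalAccessToken", context.AccessToken));
        return Task.FromResult<object>(null);
    }

    // Called before the middleware redirects back to the application; nothing to do here.
    public Task ReturnEndpoint(FacebookReturnEndpointContext context)
    {
        return Task.FromResult<object>(null);
    }
}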
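
Added example, not part of the original post: the Katana Facebook middleware builds redirect_uri from the incoming request's scheme, host and path base both when it issues the challenge and when it exchanges the code on the callback, so rewriting only the challenge leaves the two values mismatched. The sketch below instead restores the scheme for the whole pipeline; it assumes the load balancer sets an X-Forwarded-Proto header, and the proxy addresses, the UseForwardedScheme name and the app credentials are placeholders.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Owin;
using Microsoft.Owin.Security.Facebook;
using Owin;

public static class ForwardedSchemeExtensions
{
    // Assumption: addresses of the load balancer as seen by the app (placeholders).
    // The header is client-controllable, so it is honoured only from these peers.
    private static readonly HashSet<string> TrustedProxies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "10.0.0.10", "10.0.0.11" };

    // Hypothetical helper name; not part of Katana.
    public static IAppBuilder UseForwardedScheme(this IAppBuilder app)
    {
        return app.Use((context, next) =>
        {
            string proto = context.Request.Headers.Get("X-Forwarded-Proto");
            bool fromProxy = TrustedProxies.Contains(context.Request.RemoteIpAddress ?? "");

            if (fromProxy && string.Equals(proto?.Trim(), "https", StringComparison.OrdinalIgnoreCase))
            {
                // Every later middleware now sees an HTTPS request, so the
                // challenge and the callback compute the same redirect_uri
                // and Request.IsSecure is true when cookies are issued.
                context.Request.Scheme = "https";
            }
            return next();
        });
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Must be registered before any authentication middleware.
        app.UseForwardedScheme();

        // No ApplyRedirect rewrite here: on a URL that is already https the
        // string replace from the question would produce "httpss".
        app.UseFacebookAuthentication(new FacebookAuthenticationOptions
        {
            AppId = "APP_ID_PLACEHOLDER",
            AppSecret = "APP_SECRET_PLACEHOLDER"
        });
    }
}
```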