How to force an HTTPS callback using Microsoft.AspNetCore.Authentication.Google?


Problem description

I am creating an AspNetCore application with Google authentication. I am deploying this app behind an nginx reverse proxy on an Ubuntu server. Almost everything is working, but I am having trouble with the callback url.

In the Google developer console, I have http://localhost:5000/signin-google set as an authorized redirect URI. This works as expected and allows me to use Google authentication when running from my workstation.

For production, I have https://myserver/signin-google set as an authorized redirect URI. However, when I try to use it, I get an error from accounts.google.com that http://myserver/signin-google (notice the missing s) is not authorized. That's true; it shouldn't be authorized and my server doesn't even respond to port 80 requests.

How can I tell the authentication middleware that I need it to use HTTPS for the callback URL?

Recommended answer

I finally figured it out.

Step 1: Make sure Nginx is sending the necessary forwarding headers, for example:

server {
    # other stuff ...
    location / {
        # other stuff ...
        proxy_set_header X-Forwarded-Proto $scheme;
        # you could also just hardcode this to https if you only accept https
    }
}

Step 2: By default, AspNetCore will ignore these headers. Install the middleware that processes it:

PM> Install-Package Microsoft.AspNetCore.HttpOverrides

Step 3: In your Configure function, apply the middleware.

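// Requires: using Microsoft.AspNetCore.HttpOverrides;
// Call this before the authentication middleware so it sees the corrected scheme.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedProto
});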

This should correctly change the Context.Request.Scheme value to https, which will cause the authentication middleware to generate the correct redirect_uri.
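The three steps above, put together with the proxy trust list set explicitly, as an added example that is not code from the original answer. It assumes an ASP.NET Core 3.1+ Startup class, nginx running on a separate host at the constructed address 10.0.0.5, the configuration key names shown, and a hypothetical /scheme endpoint for checking the result.

```csharp
using System.Net;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.Google;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            // Process only the scheme header that nginx sets in step 1.
            o.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
            // The header is honoured only when the connection comes from a
            // known proxy (loopback by default). Assumption: nginx runs on
            // another host at 10.0.0.5, so its address is added here.
            o.KnownProxies.Add(IPAddress.Parse("10.0.0.5"));
        });

        services.AddAuthentication(o =>
            {
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddGoogle(o =>
            {
                // Assumed configuration key names.
                o.ClientId = _config["Authentication:Google:ClientId"];
                o.ClientSecret = _config["Authentication:Google:ClientSecret"];
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Runs first, so Request.Scheme is already "https" when the Google
        // handler builds redirect_uri.
        app.UseForwardedHeaders();
        app.UseRouting();
        app.UseAuthentication();
        // Hypothetical check endpoint: returns the scheme the app sees.
        app.UseEndpoints(e => e.MapGet("/scheme", ctx => ctx.Response.WriteAsync(ctx.Request.Scheme)));
    }
}
```

Requesting /scheme through nginx should return https; if it returns http, the header is either not being sent or is arriving from an address that is not in the trusted proxy list.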
