Redirect from HTTP to HTTPS on ExternalLogin with Owin + OAuth + Google

My application hosting uses ARR to redirect all pages to HTTPS.

The problem is that, the way it was configured, ASP.NET MVC understands the request to be HTTP, even though it is HTTPS.

When I check the URL that goes to Google authentication, it looks like this:

&redirect_uri=http%3A%2F%mydomain.com\signing-google

I am trying to redirect to Google by changing it "manually" to HTTPS.

I have tried this:

public class ChallengeResult : HttpUnauthorizedResult
{
   ...

    public override void ExecuteResult(ControllerContext context)
    {
        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        if (UserId != null)
            properties.Dictionary[XsrfKey] = UserId;

        var owin = context.HttpContext.GetOwinContext();

        owin.Request.Scheme = "https"; //hotfix

        owin.Authentication.Challenge(properties, LoginProvider);
    }
}

And this:

app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
    ClientId = Secrets.GoogleClientId,
    ClientSecret = Secrets.GoogleClientSecret,
    Provider = new GoogleOAuth2AuthenticationProvider()
    {
        // No await in the body, so the lambda does not need to be async.
        OnApplyRedirect = context =>
        {
            string redirect = context.RedirectUri;

            // Rewrites only the outgoing URL sent to Google.
            redirect = redirect.Replace("redirect_uri=http", "redirect_uri=https");
            context.Response.Redirect(redirect);
        }
    }
});

Both ways are working and Google can redirect to my application again; however, when I try to get the loginInfo, the data is null.

public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    if (string.IsNullOrEmpty(returnUrl))
        returnUrl = "~/";

    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        // always returns null if I change from HTTP to HTTPS manually
    }

I tried to look at the GetExternalLoginInfoAsync() implementation, but I didn't find out why it always returns null when I do this workaround.

asked Oct 18 '22 23:10

Fernando Mondo


1 Answer

After looking at different variations of the same problem, I've found a solution to this, at least in my specific scenario.

MVC hosted on AWS EB with a load balancer.

public void ConfigureAuth(IAppBuilder app)
{
    app.Use((ctx, next) =>
    {
        ctx.Request.Scheme = "https";
        return next();
    });

    // your other middleware configuration

    // app.UseFacebookAuthentication();
    // app.UseGoogleAuthentication();

    // other providers
}

I put the Use() function before all other configurations; it may only be necessary to place it above the OAuth provider configurations.

My guess is manipulating the redirect_uri directly causes issues with the signing of the callback data.

answered Oct 21 '22 15:10

JConstantine
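
A variant of the answer's middleware, added here as an example and not code from either poster: it switches the scheme to https only when the request comes from a known proxy and that proxy sent `X-Forwarded-Proto: https`, so a request that reaches the application directly over plain HTTP is not treated as secure. The header name (the one AWS load balancers set), the `UseForwardedScheme` and `ResolveScheme` names, the exact-match address check and the sample proxy address are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Owin;

public static class ForwardedSchemeExtensions
{
    // Hypothetical helper: returns the scheme the rest of the pipeline should see.
    public static string ResolveScheme(string currentScheme, string remoteIp,
        string forwardedProto, ICollection<string> trustedProxies)
    {
        // Only a proxy we operate may speak for the original request.
        if (remoteIp == null || !trustedProxies.Contains(remoteIp))
            return currentScheme;

        // Allow-list the header value; anything else leaves the scheme untouched.
        if (string.Equals(forwardedProto?.Trim(), "https", StringComparison.OrdinalIgnoreCase))
            return Uri.UriSchemeHttps;

        return currentScheme;
    }

    // Hypothetical extension: register before the OAuth providers, as in the answer.
    public static IAppBuilder UseForwardedScheme(this IAppBuilder app,
        ICollection<string> trustedProxies)
    {
        return app.Use((ctx, next) =>
        {
            ctx.Request.Scheme = ResolveScheme(
                ctx.Request.Scheme,
                ctx.Request.RemoteIpAddress,
                ctx.Request.Headers.Get("X-Forwarded-Proto"),
                trustedProxies);
            return next();
        });
    }
}

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        // Constructed sample address; use the address(es) of your own proxy.
        app.UseForwardedScheme(new HashSet<string> { "10.0.0.5" });

        // app.UseGoogleAuthentication(...);
        // other providers
    }
}
```

Where the load balancer's addresses are not fixed, the exact-match set does not fit; restrict which hosts can reach the application port at the network level and match on the proxy subnet instead.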