This project has moved. For the latest updates, please go here.

Redirect from HTTP to HTTPS on ExternalLogin with Owin + OAuth2

Oct 23, 2015 at 5:34 PM
Edited Oct 23, 2015 at 5:35 PM
My Application Hosting uses the ARR to redirect all pages to HTTPS.

The problem is that the way it was configured, the ASP.Net MVC understand that the request is HTTP, even being HTTPS.

When I check the URL that goes to google authentication it is that way:
&redirect_uri=http%3A%2F%mydomain.com\signing-google
I am trying redirect to google changing "manually" to HTTPS.

I have tried this:
public class ChallengeResult : HttpUnauthorizedResult
{
   ...

    public override void ExecuteResult(ControllerContext context)
    {
        var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
        if (UserId != null)
            properties.Dictionary[XsrfKey] = UserId;

        var owin = context.HttpContext.GetOwinContext();

        owin.Request.Scheme = "https"; //hotfix

        owin.Authentication.Challenge(properties, LoginProvider);
    }
}
And this:
 app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
            {
                ClientId = Secrets.GoogleClientId,
                ClientSecret = Secrets.GoogleClientSecret,
                Provider = new GoogleOAuth2AuthenticationProvider()
                {
                    OnApplyRedirect = async context =>
                    {
                        string redirect = context.RedirectUri;

                        redirect = redirect.Replace("redirect_uri=http", "redirect_uri=https");
                        context.Response.Redirect(redirect);
                    }
                }
            });
The two ways are wonking and the google can redirect to my application again, however, when I try get the loginInfo the data is null.
 public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl))
            returnUrl = "~/";

        var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
        if (loginInfo == null)
        {
            //always return null, if I change from HTTP to HTTPS manually
        }
I tried to see the GetExternalLoginInfoAsync() implementation, but I didn't find because it always return null when I do this workaround.

I also put this question on the StackOverFlow site