I'm trying to deploy an ASP.NET MVC web application, which uses individual user accounts, to an AWS server, which is using an elastic load balancer (ELB). I've deployed the site to IIS on the AWS app server, connected it to my AWS SQL server, and it works as expected on the server (and indeed when I run it in Visual Studio or deploy to an internal server).

我正在尝试部署一个ASP。使用单个用户帐户的NET MVC web应用程序到AWS服务器，该服务器使用弹性负载均衡器(ELB)。我已经将这个站点部署到AWS应用服务器上的IIS上，并将它连接到我的AWS SQL服务器上，它在服务器上的工作方式与预期一样(实际上，当我在Visual Studio中运行它或部署到内部服务器时)。

The problem comes when accessing it remotely, which of course goes via the ELB.

当远程访问时，问题就出现了，当然是通过ELB访问的。

• If I try and access https://www.example.com/ it doesn't work - it will redirect me to http://www.example.com/Account/Login?ReturnUrl=%2F, which hangs and I then get a 408 error.
• 如果我尝试访问https://www.example.com/它不工作，它将把我重定向到http://www.example.com/Account/Login?ReturnUrl=%2F，它挂起，然后我得到一个408错误。
• If I try and access, say, https://www.example.com/Dashboard/Index it doesn't work - it will redirect me to http://www.example.com/Account/Login?ReturnUrl=%2FDashboard%2FIndex, which hands and I then get a 408 error.
• 如果我尝试访问，比如https://www.example.com/Dashboard/Index它不工作——它会将我重定向到http://www.example.com/Account/Login?ReturnUrl=%2FDashboard%2FIndex，哪个指针然后我得到一个408错误。
• If I try and access https://www.example.com/Account/Login directly, it works fine. I can then log in and all pages in my site work as expected. If I log out though, I get redirected to http://www.example.com/Account/Login?ReturnUrl=%2F, which hands and I then get a 408 error.
• 如果我尝试直接访问https://www.example.com/Account/Login，它可以正常工作。然后，我就可以按预期登录我的站点中的所有页面。如果我退出，我将被重定向到http://www.example.com/Account/Login?ReturnUrl=%2F，得到一个408错误。

So basically, if I'm logged in, it's fine. If I'm not logged in, the login page is fine but nothing else is. My thinking, along with a colleague from our internal team who works with AWS (he isn't able to help me btw, I've asked!) is that when I get redirected to the login page, it's a HTTP request and not HTTPS, and that's the cause of the issue, but no matter what I've tried I can't get it to redirect with HTTPS. I've tried:

基本上，如果我登录了，没问题。如果我没有登录，登录页面是可以的，但是没有其他的。我的思想,还有一个同事从我们的内部团队与AWS(他不能帮我顺便说一句,我问!)是,当我被重定向到登录页面,它是一个HTTP请求,而不是HTTPS,问题的原因,但无论如何我试过了,我不能让它重定向使用HTTPS。我试过了:

• adding rules in my web.config file to pick up forwarded requested and redirect them to HTTPS - which doesn't seem to have made any noticeable difference
• 在我的网络中添加规则。配置文件来接收转发请求并将它们重定向到HTTPS——这似乎没有什么明显的区别
• various different attributes added to either my FilterConfig or the Login action
• 添加到FilterConfig或登录操作中的各种不同属性
• adding rules directly in IIS using URL Rewrite
• 使用URL重写直接在IIS中添加规则

Obviously my workaround is to get everyone to go to the login page and start there rather than just the root URL, but I'd really like to get this sorted as if redirecting doesn't work here, I can see it not working elsewhere and potentially causing issues.

显然，我的解决方案是让每个人都登录到登录页面并从那里开始，而不仅仅是根URL，但是我真的希望把它排序，就像重定向在这里不起作用一样，我可以看到它在其他地方不起作用，并可能导致问题。

Update as requested: I don't actually have any control over my ELB as that's done by a different team, but my understanding from speaking to the team is that it accepts traffic as HTTPS and then passes it on to the server as HTTP.

按要求进行更新:实际上我对ELB没有任何控制，因为这是由另一个团队完成的，但是我从与团队的对话中了解到，它接受作为HTTPS的流量，然后将其作为HTTP传递给服务器。

1 个解决方案

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

OnApplyRedirect = ApplyRedirect  

private static void ApplyRedirect(CookieApplyRedirectContext context)
{
    Uri absoluteUri;
    if (Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out absoluteUri))
    {
        context.Response.Redirect(absoluteUri.PathAndQuery);
        return;
    }

    context.Response.Redirect(context.RedirectUri);
}

#1

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

OnApplyRedirect = ApplyRedirect  

private static void ApplyRedirect(CookieApplyRedirectContext context)
{
    Uri absoluteUri;
    if (Uri.TryCreate(context.RedirectUri, UriKind.Absolute, out absoluteUri))
    {
        context.Response.Redirect(absoluteUri.PathAndQuery);
        return;
    }

    context.Response.Redirect(context.RedirectUri);
}