I currently have the following set up on my AWS Service

  • MVC Client Application running on IIS on Windows 2012 R2 (under http)
  • Identity 4 Security Service running under Kestrel on Linux (under http)

I am also using an AWS Load balancer to handle the SSL validation etc to save running the application on HTTPS.

The MVC Client application and the Security service are also on different public-facing URLs.

The issue I am facing is as follows:

When the user browses to a protected action on the MVC Client (https://mywebsite.net) they are redirected to my security service via its public address (https://auth.mywebsite.net). The security service sees the address of the client application as http://mywebsite.net and therefore the client record is set up with the client redirect URI as http://mywebsite.net/signin-oidc to allow successful validation of the client.

Once the user has logged in successfully they are redirected back to the signin-oidc endpoint of the client application, however this is done on HTTP :( This causes security warnings in the user's browser as they are going from HTTPS to HTTP.

Is there a way (behind the balancer) that the Security Service can be instructed to do its redirect to HTTPS and not HTTP?

or

Is there a way that the client passes the URL the user accessed (https://mywebsite.net) rather than the balancer output (http://mywebsite.net) to be used for the client validation?

Any help on this would be appreciated.

Regards,

Stuart Ferguson

Did you ever determine how to approach this issue? I'm having the exact same problem right now. - Nick Beukema
Did either of you all figure this one out? I am also dealing with this - Jacob

1 Answer


Please refer to this link. Please look at your config on identity server 4 and make sure your redirecturi is setup correctly.

I am specifically referring to this code:

On identity server 4: Config.cs

    using System.Collections.Generic;
    using IdentityServer4;          // Sha256() extension for Secret values
    using IdentityServer4.Models;   // Client, GrantTypes, Secret

    public static class Config
    {
        // Clients handed to AddInMemoryClients(Config.GetClients()) in Startup.
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                // MVC client using implicit flow
                new Client
                {
                    ClientId = "mvc",
                    ClientName = "MVC Client",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    ClientSecrets = { new Secret("373f4671-0c18-48d6-9da3-962b1c81299a".Sha256()) },
                    ClientUri = "http://localhost:5500",
                    // Every redirect URI must match, scheme included, the one the
                    // client sends in its authorize request.
                    RedirectUris = { "http://localhost:5001/signin-oidc" },
                    LogoutUri = "http://localhost:5001/signout-oidc",
                    PostLogoutRedirectUris = { "http://localhost:5001/signout-callback-oidc" },

                    AllowOfflineAccess = true,
                    AllowedScopes =
                    {
                        "api1",
                        "profile",
                        "openid"
                    }
                }
            };
        }
    }
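The question's symptom (the app behind the balancer sees plain HTTP and so builds an http:// redirect_uri) and the answer's advice (make the registered redirect URI match) meet in the forwarded-headers middleware of ASP.NET Core. The following Startup is an added example, not code from the question, the answer or the IdentityServer4 project; it assumes an ASP.NET Core 2.x app with IdentityServer4 on Kestrel, that the AWS load balancer adds `X-Forwarded-Proto: https` to the requests it forwards, and an assumed VPC range of 10.0.0.0/16 for the balancer's addresses. The same middleware registration applies to the MVC client, which is what makes it send `https://mywebsite.net/signin-oidc` as its redirect_uri.

```csharp
// Added example (not from the question or answer): an ASP.NET Core Startup
// for an app behind a TLS-terminating AWS load balancer. The balancer forwards
// plain HTTP and adds X-Forwarded-Proto: https; the app must apply that header
// before anything builds an absolute URL (the OIDC redirect_uri, IdentityServer's
// issuer and discovery document, the Secure flag on auth cookies).
// "auth.mywebsite.net", "mywebsite.net" and the 10.0.0.0/16 range are assumptions.
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Honour the scheme (and original client IP) the balancer reports.
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto
                                     | ForwardedHeaders.XForwardedFor;

            // Default trust is loopback only, so headers from the balancer are
            // silently ignored and Request.Scheme stays "http": the symptom in
            // the question. Trust the balancer's subnet rather than clearing the
            // lists entirely, so a caller that reaches Kestrel directly cannot
            // spoof X-Forwarded-Proto.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownNetworks.Add(new Microsoft.AspNetCore.HttpOverrides.IPNetwork(
                IPAddress.Parse("10.0.0.0"), 16)); // assumed VPC CIDR of the balancer
        });

        services.AddMvc();
        // Security service only (assumed in-memory config, as in the answer):
        // services.AddIdentityServer()
        //     .AddDeveloperSigningCredential()
        //     .AddInMemoryClients(Config.GetClients());
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before authentication / IdentityServer middleware so that
        // HttpContext.Request.Scheme is already "https" when redirect URIs
        // and the issuer are computed.
        app.UseForwardedHeaders();

        // Fail closed: a request that still looks like plain HTTP here either
        // bypassed the balancer or lacks the header; do not continue and risk
        // emitting an http:// redirect.
        app.Use(async (context, next) =>
        {
            if (!context.Request.IsHttps)
            {
                context.Response.StatusCode = StatusCodes.Status400BadRequest;
                await context.Response.WriteAsync("HTTPS required (missing X-Forwarded-Proto).");
                return;
            }
            await next();
        });

        app.UseIdentityServer();   // security service; the MVC client uses app.UseAuthentication() here
        app.UseMvcWithDefaultRoute();
    }
}
```

With this in place the client's redirect_uri becomes https://mywebsite.net/signin-oidc, so the Client record on the security service must register that https URI (scheme included) instead of the http one, and the MVC client's `Authority` should be https://auth.mywebsite.net so the issuer in the discovery document matches. The KnownNetworks entry is the part to verify: if the headers are trusted from anywhere, whoever can reach Kestrel on port 80 directly can claim any scheme or client address.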