1
votes

My ASP.Net Core 2.2 application's "Facebook external login setup" is working on my local machine but not working on Azure app service. I get a You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://error when the application redirects to facebook. However I have set up my application's secure url under facebook configuration=> "Valid OAuth Redirect URIs"(please see screenshot below).

What am I missing?

Startup.cs:

public void ConfigureServices(IServiceCollection services)
{
  services.Configure<ForwardedHeadersOptions>(options =>
  {
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
  });
.............

}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
      app.UseForwardedHeaders();
    }

Troubleshooting output based on this link:

Header: "X-Client-IP": ["76.187.198.247"]
Header: "X-Client-Port": ["51335"]
Header: "Upgrade-Insecure-Requests": ["1"]
Header: "DNT": ["1"]
Header: "X-WAWS-Unencoded-URL": ["/Identity/Account/Login"]
Header: "CLIENT-IP": ["76.187.198.247:51335"]
Header: "X-ARR-LOG-ID": ["3b69d760-03e7-4199-bec4-38ff77055413"]
Header: "DISGUISED-HOST": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-SITE-DEPLOYMENT-ID": ["SimplerProductsScrubber"]
Header: "WAS-DEFAULT-HOSTNAME": ["simplerproductsscrubber.azurewebsites.net"]
Header: "X-Original-URL": ["/Identity/Account/Login"]
Header: "X-Forwarded-For": ["76.187.198.247:51335"]
Header: "X-ARR-SSL": ["2048|256|C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=*.azurewebsites.net"]
Header: "X-Forwarded-Proto": ["https"]
Header: "X-AppService-Proto": ["https"]
Request RemoteIp: "::ffff:172.16.1.1"
Request Method: "GET"
Request Scheme: "http"
Request Path: "/Identity/Account/Login"
Header: "Connection": ["close"]
Header: "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"]
Header: "Accept-Encoding": ["gzip, deflate, br"]
Header: "Accept-Language": ["en-US,en;q=0.9"]
Header: "Cookie": ["ARRAffinity=152c130e21c95ce31be52418aed58ed4a1114b560e108246b2120e2d4dbf27ee; .AspNetCore.Antiforgery.nixphHDAMN4=CfDJ8G1Jn3njIA5IoKC-W8RHjabWwnkwCrPq4ZnU7-ZRlTXbuf8kfpKPQACS5HEylcqol59j-9GJ4AzKFgirMIn8yclO5QSucBnlED9aKjQgAlRrkuZmIZeu8VKT9oOA1V_dvEpjhDoqKxxWrRpfVwST6hU"]
Header: "Host": ["simplerproductsscrubber.azurewebsites.net"]
Header: "Max-Forwards": ["10"]
Header: "Referer": ["https://simplerproductsscrubber.azurewebsites.net/Dashboard"]
Header: "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"]

Facebook configuration: Valid OAuth Redirect URIs showing my website configured with https:

enter image description here

2
Sounds like your app generates the wrong redirect_uri when building the login URL. So probably something in your settings still thinks the app is running on HTTP.04FS

2 Answers

1
votes

What worked for me was the solution documented here . An ASPNETCORE_FORWARDEDHEADERS_ENABLED=true app setting also needs to be added in microsoft Azure.

// ConfigureServices

if (string.Equals("true", hostingContext.Configuration["ForwardedHeaders_Enabled"], StringComparison.OrdinalIgnoreCase))
            {
                services.Configure<ForwardedHeadersOptions>(options =>
                {
                    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
                    // Only loopback proxies are allowed by default. Clear that restriction because forwarders are
                    // being enabled by explicit configuration.
                    options.KnownNetworks.Clear();
                    options.KnownProxies.Clear();
                });
            }
0
votes

In facebook developer, you have register an app with appId and appSecret, and you test it well in local. Once you publish your web site to Azure web app, you should reset the AppSecret in the Facebook developer portal.

According to your description it seems that your OAUTH URL set in FaceBook API OAUTH screen is not match to the url you are trying to use as OAUTH.

Add the following URL to the Valid OAuth redirect URIs field: https://yourwebsite.azurewebsites.net/auth/facebook/callback where the yoursite.com is your domain. And add ssl certificate to your azure website.