My Apache proxy file 000-default.conf
<VirtualHost *:80>
ServerName aaaaa.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/ [R,L]
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass "/" "http://localhost:5000/"
ProxyPassReverse "/" "http://localhost:5000/"
ErrorLog /var/log/httpd/aaaaa-error.log
CustomLog /var/log/httpd/aaaaa-access.log common
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4+RSA:+HIGH:+MEDIUM:!LOW:!RC4
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
The code in Startup.cs
services.ConfigureApplicationCookie(options =>
{
options.LoginPath = new PathString("/Account/Login");
options.AccessDeniedPath = new PathString(/Account/AccessDenied);
options.Events.OnRedirectToLogin = context =>
{
LogManager.GetLogger(this.GetType()).Info("OnRedirectToLogin->RedirectUri: " + context.RedirectUri);
#if DEBUG
context.Response.Redirect(context.RedirectUri);
#else
string strURL = context.RedirectUri.ToLower();
if (strURL.StartsWith("http://"))
{
strURL = strURL.Replace("http://", "https://", StringComparison.CurrentCultureIgnoreCase);
}
context.Response.Redirect(strURL);
#endif
return Task.CompletedTask;
};
});
Logging shows HTTP protocol http://aaaaa.com/Account/Logon?ReturnUrl=%252Fbbb and then Apache
redirect to HTTPS while cutting Account/Logon from URL.
Solution is simple replace HTTP with HTTPS so Apache won't redirects.
Edward and MarkG, I appreciate your hints!