Merge pull request 'Refactored forced https redirection' (#15) from notifications into master

Reviewed-on: #15

ShopAdmin/Program.cs

@@ -65,16 +65,19 @@ builder.Services.AddAuthentication(options =>
         RoleClaimType = "groups"
     };
 
-    builder.Services.AddOptions<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme).Configure(options =>
+    options.Events = new OpenIdConnectEvents
     {
-        options.Events.OnRedirectToIdentityProvider = context =>
+        OnRedirectToIdentityProvider = context =>
         {
-            context.ProtocolMessage.RedirectUri = context.ProtocolMessage.RedirectUri.Replace("http://", "https://");
+            var fallbackUri = context.ProtocolMessage.RedirectUri;
+
+            if (fallbackUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
+                context.ProtocolMessage.RedirectUri = fallbackUri.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase);
 
             return Task.CompletedTask;
+        }
     };
 });
-});
 
 builder.Services.Configure<ForwardedHeadersOptions>(options =>
 {
@@ -90,6 +93,8 @@ var scheduler = await schedulerFactory.GetScheduler(ShopSchedulerName);
 if (!scheduler!.IsStarted)
     await scheduler.Start();
 
+app.UseForwardedHeaders();
+
 if (!app.Environment.IsDevelopment())
 {
     app.UseExceptionHandler("/Error", createScopeForErrors: true);
@@ -105,7 +110,6 @@ app.UseStatusCodePagesWithReExecute("/not-found", createScopeForStatusCodePages:
 
 app.UseHttpsRedirection();
 app.UseAntiforgery();
-app.UseForwardedHeaders();
 
 app.UseAuthentication();
 app.UseAuthorization();
@@ -114,6 +118,7 @@ app.MapStaticAssets();
 
 app.MapGet("/auth/login", (string redirectUri = "/") =>
     Results.Challenge(new AuthenticationProperties { RedirectUri = redirectUri }, [OpenIdConnectDefaults.AuthenticationScheme]));
+
 app.MapGet("/auth/logout", async (HttpContext context) =>
 {
     await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);