When I land on my application via HTTPS, it correctly redirects to identity server over HTTP. The user then provides their credentials, after which IdentityServer redirects it back to my application over plain HTTP. I'm currently not exposing my application over plain HTTP, and if at all poss...