Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Asp.net core 2.1 UseHttpsRedirection not working in IIS

I deployed my asp.net core 2.1 WebApi to IIS 10. (The IIS worked as a proxy)

I have added a SSL cert in IIS and bindings for both insecure port (8081) and secure port (8082).

But when I visit http://localhost:8081/api/values, the browser just return me 403 Forbidden, not redirect me to https://localhost:8082/api/values.

My StartUp Code is as below:

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc()
           .SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        services.AddHttpsRedirection(options=>
        {
            options.HttpsPort = 8082;
        });
    }


    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        //app.UseForwardedHeaders();
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseMvc();
    }
like image 576
Charlie Avatar asked Jan 08 '19 06:01

Charlie


People also ask

What is UseHttpsRedirection .NET Core?

UseHttpsRedirection(); is a single line code, which you have to write under Configure method to secure . NET Core solutions. Moreover, you don't always have to configure this middleware, as most ASP.NET web app templates, such as MVC, come with it by default enabled with it.

How does IIs work with ASP NET Core?

The ASP.NET Core Module receives the native request and passes it to IIS HTTP Server ( IISHttpServer ). IIS HTTP Server is an in-process server implementation for IIS that converts the request from native to managed. The request is sent to the ASP.NET Core middleware pipeline.

Does https redirection work with ASP Core 2?

ASP.NET Core 2.1 comes with new features making it easy to enforce HTTPS. New projects are enabled by default, using UseHttpsRedirection middleware in Startup.Configure to handle the redirection. After migrating to 2.1 and following the Migrate from ASP.NET Core 2.0 article, I expected the HTTPS redirection to work.

What is usehttpsredirection in ASP NET Core?

app.UseHttpsRedirection (); is a single line code, which you have to write under Configure method to secure .NET Core solutions. Moreover, you don’t always have to configure this middleware, as most ASP.NET web app templates, such as MVC, come with it by default enabled with it.

How do I enforce HTTPS with ASP NET Core?

ASP.NET Core 2.1 comes with new features making it easy to enforce HTTPS. New projects are enabled by default, using UseHttpsRedirection middleware in Startup.Configure to handle the redirection.


Video Answer


4 Answers

In my startup.cs i made this settings

public void ConfigureServices(IServiceCollection services)
{
    try
    {
        //..other codes

        services.AddHttpsRedirection(options =>
        {
            options.HttpsPort = 443;
        });
    }
    catch (Exception ex)
    {
        string innerMessage = "";
        if (ex.InnerException != null)
            innerMessage = ex.InnerException.Message;

        Log.Logger.Error("ConfigureServices Message: " + ex.Message + " inner Message:" + innerMessage + "Env.Name:" + _env.EnvironmentName);
    }
}

And in the Configure method, i used like this

        app.UseHttpsRedirection();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Error");
            app.UseHsts();
        }
like image 176
Hamit YILDIRIM Avatar answered Oct 08 '22 18:10

Hamit YILDIRIM


In my case, the error was that I was calling things in an unsupported order. By rearranging my code to first call:

app.UserHttpsRedirection()

and then call

app.UseHsts()

it started to work instead of the other way around.

like image 36
Oskar Sjöberg Avatar answered Oct 08 '22 19:10

Oskar Sjöberg


The issue I found was that a change from .net core 2.0 to .net core 2.1 meant that the https port needed to be specified explicitly in startup.cs

services.AddHttpsRedirection(options =>
    {
        options.HttpsPort = 443;
    });

See here for more info: https://github.com/aspnet/AspNetCore/issues/3176

like image 33
Calanus Avatar answered Oct 08 '22 18:10

Calanus


You received this status code because you have selected Require SSL in SSL Settings.

IIS - SSL Settings

IIS - SSL Settings

If you want to use your code to redirect to https unchecked this option.

But first you should read carefully documentation: Enforce HTTPS in ASP.NET Core

Do not use RequireHttpsAttribute on Web APIs that receive sensitive information. RequireHttpsAttribute uses HTTP status codes to redirect browsers from HTTP to HTTPS. API clients may not understand or obey redirects from HTTP to HTTPS. Such clients may send information over HTTP. Web APIs should either:

  • Not listen on HTTP.
  • Close the connection with status code 400 (Bad Request) and not serve the request.
like image 44
kmatyaszek Avatar answered Oct 08 '22 19:10

kmatyaszek