How to exclude a controller of being redirect to https in ASP.NET Core 1.1

Question

Following this nice article https://long2know.com/2016/07/asp-net-core-enforcing-https/ i try to enforce HTTPS but with the exception of one single web-api controller that have to response to an embedded system not capable of SSL. The problem exist in the following Configure section of startup.cs.

        var options = new RewriteOptions()
           .AddRewrite("^api/&", "/api/", skipRemainingRules: true) 
           .AddRedirectToHttps(302, sslPort);

        app.UseRewriter(options);

With the AddRewrite line (that doesn't replace anything) i try to trigger skipRemainingRules in order to avert the redirection. This is working at development in IIS express (trough localhost) but not at the production enviroment behind IIS. Apperently the SkipRemainingRules does not prevent the AddRedirectToHttps of enter into force.

Many thanks for any clue the may solve this.

Answer 1

I'm aware that my response is quite late, but maybe it will help someone.

var options = new RewriteOptions()
            .AddRewrite(@"^api/(.*)", "api/$1", true)
            .AddRedirectToHttps(302, sslPort);
app.UseRewriter(options);

With this solution one can call /api/... on http, every other request will be redirected to https.

I've testes this solution with .Net Core 2.1.