ASP.NET MVC RequireHttps Attribute not working

Question

I am trying to enable HTTPS everywhere in my MVC application. In my FilterConfig.cs I have added the following line:

filters.Add(new RequireHttpsAttribute());

However, when navigating to the site, all functionality is available via HTTP, and HTTPS can only be used if the user explicitly specifies this in their browser's address bar.

When this line of code is present in my local version of the app, it stops working, and I can no longer use HTTP (as I would expect).

I am hosting the application on Azure. Am I missing something?

Answer 1

You could accomplish this by using the URLRewrite module. (Download is here)

Then you could just redirect all requests on port 80 to https using a rule in your web.config.

<rewrite>
<rule name="Redirect to HTTPS" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
</rewrite>

Note that you can change the redirectType to Permanent if you have search engine bots crawling your site and you are trying to maintain your SEO.

You can add this rule to your Release config so it is only enforced when you deploy to Azure. That way you can run locally on port 80 while you do your development.