My web application is redirecting to secure and I can't stop it

Question

I have an MVC4 application. On my base controller, I have a conditional redirect to secure WebPageRequireHttpsAttribute when not in DEBUG that all other page-serving controllers inherit like so:

#if !DEBUG
    [WebPageRequireHttps]
#endif
    public abstract class SecureController : Controller
    {
        ...

My WebPageRequireHttpsAttribute is defined like this:

[SuppressMessage("Microsoft.Performance", "CA1813:AvoidUnsealedAttributes",
    Justification = "Unsealed because type contains virtual extensibility points.")]
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class WebPageRequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        // only redirect for GET requests, otherwise the browser might not propagate the verb and request
        // body correctly.

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException(
                "Only redirect for GET requests, otherwise the browser might not propagate the verb and request body correctly.");
        }

        // redirect to HTTPS version of page
        if (filterContext.HttpContext.Request.Url == null) return;
        var url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url, true);
    }

That's it. That's the only point where redirecting is done for web pages (I have something similar for webapi pages).

Having my site in DEBUG mode, with the DEBUG constant set, I am getting redirected to the HTTPS page, which of course does not exist on my dev box, and I absolutely cannot figure out why. I have commented out the attribute, I have even removed the class, and it's still getting redirected. I am pulling my hair out here.

Can IIS Express have something strange cached? Can it be applying the redirect attribute as a filter for all requests regardless of whether or not it is invoked? This is driving me crazy.

Answer 1

OK, the answer had nothing to do with Visual Studio, C#, or ASP.NET MVC... rather my default browser, namely Chrome. I was sending a 301 (permanent redirect), and Chrome cached that. Under normal circumstances, that would be a good thing; for development work, not so much.

To remove the cached redirect from Chrome, I opened the Chrome options, Settings, clicked the "Show Advanced Settings". Under Privacy, I clicked the "Clear Browsing Data..." button, and checked the following options:

• Clear browsing history
• Clear download history
• Delete cookies and other site and plug-in data
• Empty the cache

and set the dropdown time period for 1 week. Then I clicked the "Clear Browsing Data" button again.

I'm pretty sure I only needed one of those options, but I was too frustrated with this annoying issue that I used the shotgun approach. However, this worked.