I have an ASP.NET MVC 4 application running behind Amazon's elastic load balancer. Everything works OK when I install my SSL certificate on the load balancer and the web server and terminate SSL at the web server layer.
However, when I attempt to terminate at the load balancer layer, forwarding internal traffic from the load balancer to web servers un-encrypted on port 80, the RequireHttps attribute causes a redirect loop. This seemingly makes sense as it is requesting an encrypted channel and doesn't know that it is getting one (between the browser and load balancer). Has anyone run into this same issue? Any suggestions would be appreciated!
Edit: The solution
The following links may be useful to anyone else who runs into this issue:
MVC3, RequireHttps and custom handler result in http 310
https://gist.github.com/915869
It seems that to use this functionality on AWS, you look at the "X-Forwarded-Proto" HTTP header item. If the initial request is HTTPS, the load balancer injects the header and it says "https". If it's HTTP, it says, "http".
Answer found here: http://aws.typepad.com/aws/2010/10/keeping-customers-happy-another-new-elastic-load-balancer-feature.html
I was experiencing the same issue I found that the following RequireHttpsAttribute filter worked for me.
public class SSLFilter : RequireHttpsAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (filterContext.HttpContext.Request.IsLocal ||
(filterContext.RequestContext.HttpContext.Request.Headers.AllKeys.Contains("X-Forwarded-Proto") &&
filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Forwarded-Proto").ToLower().Equals("https")))
{
return;
}
base.OnAuthorization(filterContext);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With