0

Related questions: here - here

I have an ASP.NET application deployed on appharbor. Manually navigating to its https:// url works fine, but I would like to ONLY use HTTPS. That is, redirect to HTTPS if I receive an HTTP request.

There are 2 ways of achieving this, that I'm aware of: (1) using web.config , which does not work due to the X-Forwarded-Proto header being stripped by the load-balancer on appharbor (?) or (2) making a custom httpattribute as shown here

Unfortunately, neither of these approaches work well for me - Both are giving me a redirect loop :(. All the answers I can find are fairly old, has anything changed on appharbor/asp.net that I should be aware of?

Thanks in advance.

Community
  • 1
  • 1
user1202032
  • 1,430
  • 3
  • 15
  • 36

1 Answers1

2

Are you using MVC in your application? The attribute was intended for it.

If it's just regular ASP.NET you could use HTTP Modules or Global.asax to achieve the same effect.

The RequireHttpsAttribute by Rune should work. I use ServiceStack on AppHarbor, but based the attribute I use for that from Rune's code. It's still in use today.

AppHb's load-balancer will set the X-Forwarded-Proto header to match the incoming protocol scheme (http or https), as traffic from the load balancer is forwarded on to your application's IIS instance as HTTP (and therefore the original scheme is lost).

Tyst
  • 861
  • 1
  • 11
  • 26
  • I am using MVC, yes. Im really not sure what i'm doing wrong then. I copy/pasted Rune's code, and renamed it to MyRequireHttpsAttribute Then i added [MyRequireHttpsAttribute] on top of all methods in one of my controllers. Now getting an error about too many redirects – user1202032 Apr 18 '15 at 20:12
  • Are you calling redirect yourself in your own code still, or only the attribute? Is the RequireHttpsAttribute definitely getting hit during your requests? – Tyst Apr 19 '15 at 05:16
  • I placed the attribute on top of my controller class instead of on top of the individual methods. Additionally, i moved the attribute from the "App_Start" fold to its own folder. This seems to have resolved my issue, and im now always connecting using https. Im not sure i completely understand why, though. Thanks for your assistance – user1202032 Apr 19 '15 at 16:03