This site can’t provide a secure connection

后端 未结 4 1780
被撕碎了的回忆
被撕碎了的回忆 2021-02-12 10:51

When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http.

         


        
相关标签:
4条回答
  • 2021-02-12 11:15

    I solved this problem with older version of Chrome web browser.

    This is the list of older chrome versions where you can download and install it.

    60.0.3112.90 - for Ubuntu is the version that works just fine for me.

    Maybe it's little slower then newer versions but i found it's pretty good for production (:

    0 讨论(0)
  • 2021-02-12 11:30

    What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.

    The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.

    You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.

    Here is an example Web.Release.config file:

    <?xml version="1.0"?>
    <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
      <system.web>
        <compilation xdt:Transform="RemoveAttributes(debug)" />
      </system.web>
      <system.webServer>
        <rewrite xdt:Transform="Insert">
          <rules>
            <!-- Redirects users to HTTPS if they try to access with HTTP -->
            <rule
              name="Force HTTPS"
              stopProcessing="true">
              <match url="(.*)"/>
              <conditions>
                <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
              </conditions>
              <action
                type="Redirect"
                url="https://{HTTP_HOST}/{R:1}"
                redirectType="Permanent"/>
            </rule>
          </rules>
          <outboundRules>
            <!-- Enforces HTTPS for browsers with HSTS -->
            <!-- As per official spec only sent when users access with HTTPS -->
            <rule
              xdt:Transform="Insert"
              name="Add Strict-Transport-Security when HTTPS"
              enabled="true">
              <match serverVariable="RESPONSE_Strict_Transport_Security"
                  pattern=".*" />
              <conditions>
                <add input="{HTTPS}" pattern="on" ignoreCase="true" />
              </conditions>
              <action type="Rewrite" value="max-age=31536000" />
            </rule>
          </outboundRules>
        </rewrite>
      </system.webServer>
    </configuration>
    

    Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.

    0 讨论(0)
  • 2021-02-12 11:34

    On my end, I found out that there was a javascript code that redirects the site from http to https. So try to explore your environment if there are other code responsible for that issue. Hope this can help. Thanks

    0 讨论(0)
  • 2021-02-12 11:36

    You will have to configure Visual Studio Server to be used with HTTPS. Please go through this link for details:
    HTTPS with Visual Studio's built-in ASP.NET Development Server

    0 讨论(0)
提交回复
热议问题