This site can’t provide a secure connection

Question

When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http.

Answer 1

I solved this problem with older version of Chrome web browser.

This is the list of older chrome versions where you can download and install it.

60.0.3112.90 - for Ubuntu is the version that works just fine for me.

Maybe it's little slower then newer versions but i found it's pretty good for production (:

Answer 2

What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.

The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.

You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.

Here is an example Web.Release.config file:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <system.webServer>
    <rewrite xdt:Transform="Insert">
      <rules>
        <!-- Redirects users to HTTPS if they try to access with HTTP -->
        <rule
          name="Force HTTPS"
          stopProcessing="true">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
          </conditions>
          <action
            type="Redirect"
            url="https://{HTTP_HOST}/{R:1}"
            redirectType="Permanent"/>
        </rule>
      </rules>
      <outboundRules>
        <!-- Enforces HTTPS for browsers with HSTS -->
        <!-- As per official spec only sent when users access with HTTPS -->
        <rule
          xdt:Transform="Insert"
          name="Add Strict-Transport-Security when HTTPS"
          enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
              pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.

Answer 3

On my end, I found out that there was a javascript code that redirects the site from http to https. So try to explore your environment if there are other code responsible for that issue. Hope this can help. Thanks

Answer 4

You will have to configure Visual Studio Server to be used with HTTPS. Please go through this link for details:
HTTPS with Visual Studio's built-in ASP.NET Development Server