Why does Request.IsSecureConnection return false when true is expected

Question

I have an aspx page which is checking Request.IsSecureConnection to ensure it is true, if not it does a redirect to the the secure page at https://www.domain.com/page.aspx.<

Answer 1

Some load balancers add a new header to the request which you can use to determine if the original request from client came over SSL. With Azure websites the following code seems to work:

if (string.IsNullOrEmpty(Request.Headers["x-arr-ssl"]))
{
     // No SSL
}
else
{
     // Secure connection
}

Some other load balancers may use another header, for example X-Forwarded-Proto.

Answer 2

If there's a load balancing router or similar in front of your web server with ssl termination then the connection from there to your web server won't be over SSL. In this case you usually have to check for a connection on a specific port or for headers being set by the load balancer.