RequireHttps causes redirect loop on Amazon Elastic Load Balancer

Question

I have an ASP.NET MVC 4 application running behind Amazon\'s elastic load balancer. Everything works OK when I install my SSL certificate on the load balancer and t

Answer 1

I was experiencing the same issue I found that the following RequireHttpsAttribute filter worked for me.

public class SSLFilter : RequireHttpsAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsLocal ||
            (filterContext.RequestContext.HttpContext.Request.Headers.AllKeys.Contains("X-Forwarded-Proto") &&
            filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Forwarded-Proto").ToLower().Equals("https")))
        {
            return;
        }

        base.OnAuthorization(filterContext);
    }
}

Answer 2

It seems that to use this functionality on AWS, you look at the "X-Forwarded-Proto" HTTP header item. If the initial request is HTTPS, the load balancer injects the header and it says "https". If it's HTTP, it says, "http".

Answer found here: http://aws.typepad.com/aws/2010/10/keeping-customers-happy-another-new-elastic-load-balancer-feature.html

Answer 3

I provided a solution for this in the following link: https://stackoverflow.com/questions/37954796/requirehttpsattribute-with-netcore-rc2-causes-http302-redirect-loop-on-azure#=

Which says:

You can work around this by adding the following lines to ConfigureServices in Startup.cs (and add "using Microsoft.AspNetCore.HttpOverrides;")

services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
        });