发表新帖
发表新帖

HTTPS with URL rewriting is not working on appharbor

前端 未结
关注
2 571
谎友^
谎友^ 2021-01-07 04:04

I have built an application on asp.net 3.5 which is hosted on AppHarbor. The problem is that on HTTPS URL rewriting is not working. The following is the code to run some of

相关标签:
2条回答
  • 清歌不尽
    2021-01-07 04:53

    RequireHttpsAttribute: If you're using the built-in RequireHttpsAttribute to ensure that a controller action always uses HTTPS you will experience a redirect loop. The reason is that SSL is terminated at the load balancer level and RequireHttps doesn't recognize the X-Forwarded-Proto header it uses to indicate that the request was made using HTTPS.

    The "meat" is in bold.

    See: AppHarbor SSL FAQ - specifically the Troubleshooting section.

    It's the same issue if you have an SSL concentrator or similar device in front of your web server(s). It's quite common in "cloud hosting" environments....

    Hth....

    0 讨论(0)
  • 慢半拍i
    2021-01-07 04:58

    Like EdSF mentioned, the problem you are experiencing is because the SSL (HTTPs) is at the load-balancer level. Meaning, all requests that come into your ASP.NET application will be HTTP.

    So in your application running on AppHarbor, the following will always be true:

    Request : https://mysite.com/about
---------------------------------------------------------------------------------
-> Request.Url.Scheme // http
-> Request.Url.AbsoluteUri // http://mysite.com:port/about
-> Request.issecure // false

    You rewrite rules are relying on the protocal/scheme to be https and it never will be, causing an infinite loop.

    The way to check for HTTPS in your ASP.NET application running on AppHarbor would be the following:

    string.Equals(Request.Headers["X-Forwarded-Proto"], 
              "https", 
              StringComparison.InvariantCultureIgnoreCase);

    I also host my web application on AppHarbor and needed a better solution so I created the SecurePages project (NuGet - GitHub). This project allows you to configure secure/https URLs with string literals as well as regex. It also forces all other URLs to use HTTP. You can also register custom predicate delegates that act as HTTPs request matching rules. So you could register one for AppHarbor to check the headers:

    //Secure a page    
secureUrls.AddUrl("/Register.aspx");

//Secure any page under /cart/*
secureUrls.AddRegex(@"(.*)cart", RegexOptions.IgnoreCase);

//Register a custom HTTPs match rule for AppHarbor
SecurePagesConfiguration.RegisterCustomMatchRule(
                c => string.Equals(c.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase));

    Secure pages also supports Unit Testing and local browser testing with IIS Express.

    0 讨论(0)
 看不清?
提交回复
热议问题