MVC C# How to force SSL - too_many_redirects

Asked

Viewed 331 times

2

I am trying to force SSL use of my MVC WEB application.

I’ve tried with redirect on the global wing, but it goes into too_many_redirects lopping.

protected void Application_BeginRequest(Object source, EventArgs e)
{
  if (!Context.Request.IsSecureConnection)
  {
      Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
  }
}

How can I force without falling into the problem of redirect?

  • 1

    I imagine you noticed that the too_many_redirects looping indicates that the redirect is being done even when it is already in https, it would be the case to see if Context.Request.Issecureconnection has no side effect preventing detection.

  • 1

    Test with this instead of Context.Request.Issecureconnection, just to get the web off: Httpcontext.Current.Request.url.Absoluteuri.Contains("https://")

  • 1

    Is the test being done on a normal remote server, or do you have any load Balancer, proxy, Cloudflare or something like that? If you have some intermediation, sometimes HTTPS does not reach the final layer.

  • Normal remote server, already tried Context.Request.Issecureconnection and the same occurs, use Cloudflare yes

1 answer

2


Response based on the comment that mentions using Cloudflare

How you use Cloudflare, the way to check the protocol is to refer to the header HTTP_X_FORWARDED_PROTO:

protected void Application_BeginRequest(Object source, EventArgs e)
{
  if (Request.Headers["HTTP_X_FORWARDED_PROTO"] != "https")
  {
      Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
  }
}

The explanation is as follows: in the default configuration, Cloudflare serves the site to the client in HTTPS, but makes the request to your server using HTTP, thus causing new redirection.

Using the header above, you are identifying the actual protocol that the site was served to the final customer.

  • Thank you @Bacco, I will test and put your Resp as correct, thank you

  • @Rboschini actually I had put the example in PHP. Now I converted, but I did not test. If you have any syntax error let me know that I adjust.

  • the code hangs everything correct, but at the time it falls into Prod, it is giving Too Many Redirects, only in cloudflare, in one I have from Locaweb works.

  • 1

    It should be the other way around, in Ocaweb it wasn’t supposed to work :) What you need to see is which headers are actually coming into the application. PHP has phpinfo(); good for debugging, I don’t know what would be an equivalent solution in C#. But just to clarify, what happens is the following: usually in CF, the request is always HTTP, and only "turns" HTTPS when exiting the CF pro client, so your application cannot test the actual protocol, only the CF header. The client will be accessing HTTPS, but exits HTTP from the application’s host.

  • I’ll watch the headers, thanks for the help!!!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.