stackoom
  简体   繁体   中英

IIS/ASP.NET - Infinite redirects in deployed code

 原文  2017-12-06 20:56:45       c#/ asp.net/ ssl/ redirect/ iis

Question

I am getting an infinite redirect loop only when I deploy my code to a Production environment. I am attempting to force SSL on the page by using a simple code redirect. I am running into the issue with a stripped-down old school web form (I'm stuck on .NET 3.5 for this project). All code is below. Any ideas on why I would get an infinite redirect look in Production and not Test?
Notes on test vs production:

  • Test is IIS 10 on Windows 10.
  • Production is IIS 6 on Windows Server 2003 R2.
  • Test uses a self-signed SSL cert.
  • Production uses a fully trusted SSL cert.
  • Identical web.configs

ASPX Markup: 

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="SecurePage.aspx.cs" Inherits="wwwroot.SecurePage" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            This page is secure!
        </div>
    </form>
</body>
</html>

CODE-BEHIND: 

namespace wwwroot
{
    public partial class SecurePage : System.Web.UI.Page
    {

        protected void Page_Load(object sender, EventArgs e)
        {
            if (!Request.Url.ToString().ToLower().StartsWith("https://"))
                Response.Redirect(Request.Url.ToString().ToLower().Replace("http://", "https://"));
        }
    }
}

1 answers

solution1
 1 ACCPTED  2017-12-06 21:28:45

If you have a load balancer (eg IIS ARR ), I would suspect that your application may be receiving http from it. Your code is similar to a check Request.IsSecureConnection which will always be false in such a case, thereby causing the infinite loop. Essentially client -> load balancer is https , then from load balancer -> web farm it's http

...there IS INDEED a load balancer in the equation. I had tried Request.IsSecureConnection at first and got the infinite redirect...I can hit static resources with the https scheme without issue, CSS files, JS files, Images, etc.

Your load balancer will typically (hopefully) have a header that indicates such. You should handle it at the IIS level with a rewrite rule - before it hits the ASP.net pipeline (which is why/how static resources are "unaffected"). You'll have to remove code that checks for it too (don't check and redirect at the ASP.Net level).

Here's a sample I use for a specific provider (obviously you'll have to check with your provider): 

<rule name="Redirect to HTTPS" stopProcessing="true">
    <match url=".*" />

    <conditions>
      <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
      <add input="{HTTP_CLUSTER_HTTPS}" pattern=".+" negate="true" />

    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}/{REQUEST_URI}" redirectType="SeeOther" />
</rule>

Hth...

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question ASP.NET MVC Active Directory code to retrieve all users stops working when deployed to IIS 7 Asp.net: relative paths not working when deployed IIS Using Powershell in an ASP.NET application deployed to an IIS server ASP.net website deployed in IIS not ever loading ASP.NET 4.5 Authentication Redirect Not Working When Deployed on IIS Form authentication against active directory works on IIS Express but errors when deployed to IIS asp.net ASP.Net Core Web API works on IIS Express, but not working when deployed to IIS ASP.NET Core deployed on IIS returns 502 Error for long running requests ASP.NET Web Project deployed to IIS Express not accessible outside localhost IIS Deployed ASP.NET Core application giving intermittent 431 Request headers too long error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM