Convert http to https in .Net core - asp.net-core

I have asp.net core application. It works well but we are going to use https then. What I have to do?
Steps in local development and in production?
For example, in local the url is http://localhost:12345; but we want https://localhost:12345
update:
In production I am talking about hosting in IIS

In local development, you don't have to change anything if you're using IIS to expose your service.
In IIS either
check 'require SSL' for your site under 'SSL settings'
or if you want to redirect http traffic to https; do NOT check 'require SSL', but add a redirect rule
Like so
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>

Related

IIS 8.5: Force all sites to use HTTPS

Wanting to know if there is a way to force all sites in IIS 8.5 to HTTPS instead of HTTP without having to create rewrite rules for each site we deploy to the box. We had one site get deployed to an internal server where the rules were not written in the config file and were just looking for a way to alleviate that miss in the future.
You can set this rule in applicationHost.config.
<rewrite>
<globalRules>
<rule name="http to https" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^Off$" />
</conditions>
<action type="Rewrite" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</globalRules>
</rewrite>

URL Rewrite Module - Redirect http to https to particular port

I am using URL Rewrite to redirect HTTP to HTTPS.
All the steps are done & working including the changes in web.config.
https://www.sslshopper.com/iis7-redirect-http-to-https.html
<rewrite>
<rules>
<rule name="RedirectToHTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
I am facing the below issue while redirecting.
I want to redirect the application to a port 90.
I have 2 applications, one is on default port & another is on 90 port.
So when somebody access -
http://xxx.xxx.x.xxx:90 then it is redirecting to :-
https://xxx.xxx.x.xxx
i want it to redirect to https://xxx.xxx.x.xxx:90
Any thought on how to do this?
It is not safe to use any other port with https. the default port for the https is 443.so it is recommended to use the default https port.
if you still want to use the different port with your HTTP binding then make sure your site binding is correct.
use the below rule to redirect the HTTP to https;
<rule name="redirect https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://192.168.3.66:90/{R:1}" />
</rule>
set the redirect URL based on requirement with https and port 90.

IIS Rewrite Reverse Proxy getting HTTP 502 error when using SSL

I am looking for ideas/suggestions to setup/troubleshoot a configuration that allows me to debug a scenario as follows.
I am using IIS 10, Visual Studio 2017
I have a web application that posts a message to a 3rd party site.
The 3rd party site then posts a response back to my web application.
IIS has a reverse proxy (shown below) the directs the post from the 3rd party application to IIS Express where
my app is running in IIS Express (VS 2017).
All connections use SSL. IIS Express is using a self signed cert that comes with VS2017.
Calling the app running on IIS Express from the 3rd party app via the reverse proxy worked until I changed to using SSL.
(This solution requires SSL).
url="https://10.10.203.132:44349/{R:1}" -> this is the computer where my app is running in VS2017.
Now I get a 502 error subcode 3 and my app is never called. No other info in Failed request tracing
Any suggestions?
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy" enabled="true" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="https://10.10.203.132:44349/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="Ensure samesite Cookies" preCondition="Missing samesite cookie">
<match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
<action type="Rewrite" value="{R:0}; SameSite=None" />
</rule>
<preConditions>
<preCondition name="Missing samesite cookie">
<!-- Don't remove the first line here, it does do stuff! -->
<add input="{RESPONSE_Set_Cookie}" pattern="." />
<add input="{RESPONSE_Set_Cookie}" pattern="; SameSite=None" negate="true" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
</system.webServer>
<system.webServer>
<rewrite>
<rules>
<rule name="Reverse Proxy" enabled="true" stopProcessing="true">
<match url="(.*)" />
<action type="Redirect" url="https://10.10.203.132:44349/{R:1}" appendQueryString="true" logRewrittenUrl="false" />
<conditions logicalGrouping="MatchAll">
<add input="{SERVER_PORT_SECURE}" pattern="0" /></conditions>
</rule>
</rules>
Here is another solution.
https://www.namecheap.com/support/knowledgebase/article.aspx/9953/38/iis-redirect-http-to-https
Feel free to let me know if the problem still exists.

Application deploy in IIS

web Application deployed in IIS.Add port 443 for HTTPS.
And also create new SSL certificate for HTTPS.
finally,login in my application(its done).Once I refresh the browser.IIS 443 (Https)port automatically removed in IIS and application can't reached
It seems you don't set the url rewrite to redirect from http to https.
I suggest you could install the url rewrite module and add below url rewrite in the web.config to redirect all the request from http to https:
<rewrite>
<rules>
<rule name="Redirect to http" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" negate="false" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
</rule>
</rules>
</rewrite>
Details, you could refer to below article:
https://blogs.technet.microsoft.com/dawiese/2016/06/07/redirect-from-http-to-https-using-the-iis-url-rewrite-module/

Force to use HTTPS redirects page to http://http/ url

I have added this code into my Configuration -> system.webServer section of web.config file to force users to use https:
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
redirectType="Permanent" />
</rule>
</rules>
<outboundRules>
<rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
<match serverVariable="RESPONSE_Strict_Transport_Security"
pattern=".*" />
<conditions>
<add input="{HTTPS}" pattern="on" ignoreCase="true" />
</conditions>
<action type="Rewrite" value="max-age=31536000" />
</rule>
</outboundRules>
</rewrite>
But when I go to my website, it redirects page to this url:
http://http/
Notes:
I am using Orchard CMS version 1.10.x
When I use Orchard's SSL plugin to force all pages to use SSL, this happens again.
SSL Redirection is enabled in Orchard's settings.
SSL/TLS Certificate is correctly set in my Plesk control panel.
Website is currently secured using "Let's Encrypt". This issue happens when I use Cloudflare services too.
This happens on every web browser I've tested.
I use the same rewrite rules to redirect my pages to https using Orchard on a Plesk panel with Let's Encrypt certificates. This rule redirects every http call to https.
You have to disable the Orchard Secure Sockets Layer plugin since you make your own rules in web.config.
If you want to use the Orchard plugin, remove your rewrite rules and work with the plugin instead.