20

I have created a redirect rules in my web.config to redirect my website from http to https. The issue i have is that every single link on the website is now https. I have a lots of link to other website which don't have SSL and therefore i get certificate errors. This is what i have done:

  <rewrite>
  <rules>
    <rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
      <match url="(.*)" />
      <conditions logicalGrouping="MatchAny">
        <add input="{SERVER_PORT_SECURE}" pattern="^0$" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

How can i redirect https only for my domain and not every links on my website?

Improve this question
2
  • finalcodingtutorials.blogspot.ae/2017/03/… Commented Apr 10, 2017 at 11:04
  • This makes no sense. Rewrite only changes requests coming into the server. It doesn't change the html responses coming back from the server. Commented Jun 28, 2019 at 3:57

6 Answers 6

Reset to default
16

Edit: While it still works, things changed a bit since I wrote this answer. Please check D.L.MAN's more up to date answer: https://stackoverflow.com/a/56800707/844207

In asp.net Core 2 you can use an URL Rewrite independent of the Web Server, by using app.UseRewriter in Startup.Configure, like this:

        if (env.IsDevelopment())
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");

            // todo: replace with app.UseHsts(); once the feature will be stable
            app.UseRewriter(new RewriteOptions().AddRedirectToHttps(StatusCodes.Status301MovedPermanently, 443));
        }
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The UseRewriter method comes from the following using statement: using Microsoft.AspNetCore.Rewrite;
11

Actually (ASP.NET Core 1.1) there is a middleware named Rewrite that includes a rule for what you are trying to do.

You can use it on Startup.cs like this:

var options = new RewriteOptions()
    .AddRedirectToHttpsPermanent();

app.UseRewriter(options);
Improve this answer

2 Comments

here's some additional resource learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl
For Asp .Net Core 2.1 onwards, use app.UseHttpsRedirection(); middleware. Ref: learn.microsoft.com/en-us/aspnet/core/security/…
11

In ASP.NET Core 2.2 you should use Startup.cs settings for redirect http to https

so add this in ConfigureServices:

public void ConfigureServices(IServiceCollection services)
{
    services.AddHttpsRedirection(options =>
    {
        options.HttpsPort = 443;
    });                           // <=== Add this (AddHttpsRedirection) =====

    services.AddRazorPages();  
}

and add this in Configure :

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
        app.UseDatabaseErrorPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();            // <=== Add this =====
    }

    app.UseHttpsRedirection();    // <=== Add this =====
}

in launchSettings.json check blow items exsits:

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "http://localhost:63278",
      "sslPort": 44377      // <<===  check this port exists.
    }
  },
  "YOUR_PROJECT_NAME": {
      "commandName": "Project",
      "dotnetRunMessages": "true",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:5001;http://localhost:5000",  // <=== check https url exists.
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

then enjoy it.

Improve this answer

Comments

4

asp.net core < 2 just put this code into your startup.cs

        // IHostingEnvironment (stored in _env) is injected into the Startup class.
        if (!_hostingEnvironment.IsDevelopment())
        {
            services.Configure<MvcOptions>(options =>
            {
                options.Filters.Add(new RequireHttpsAttribute());
            });
        }
Improve this answer

Comments

4

You will need to add also the following code in .net core 2.1 

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseMvc();
}

and the following part in service configuration

       services.AddHttpsRedirection(options =>
       {
        options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
        options.HttpsPort = 5001;
        });
Improve this answer

Comments

2

In ASP.NET Core 2.1 just use this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        app.UseHsts();   // <-- Add this !!!!!
    }

    app.UseHttpsRedirection(); // <-- Add this !!!!!
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseMvc();
}
Improve this answer

1 Comment

relevant docs: learn.microsoft.com/en-us/aspnet/core/security/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.