Aspnetcore: HttpsRedirectionMiddleware will not redirect to HTTPS if no port is available

Hello @jkotalik ... You said in the announcement ...

we will now not redirect to HTTPS if no port is available

... but the API at https://docs.microsoft.com/dotnet/api/microsoft.aspnetcore.httpspolicy.httpsredirectionoptions.httpsport#remarks says ...

If the HttpsPort is not set, we will try to get the HttpsPort from the following:

1. HTTPS_PORT environment variable
2. IServerAddressesFeature
3. 443 (or not set)

Are the API comments in need of an update?

Indeed, step 3 was removed as it caused problems when HTTPS was not available.

I'm planning on using this language for a doc update ...

If no port is set, the request isn't redirected. To specify an HTTPS port:

• Set HttpsRedirectionOptions.HttpsPort. See the preceding example that shows how to set the port to 5001.
• Set the ASPNETCORE_HTTPS_PORT environment variable.
• Set an HTTPS URL for the browser to launch in launchsettings.json (Visual Studio/command line) or launch.json (Visual Studio Code).

Set an HTTPS URL for the browser to launch in launchsettings.json (Visual Studio/command line) or launch.json (Visual Studio Code).

Careful with that one. It's more about setting an HTTPS URL to start the server on. Launching the browser is incidental.

Ok :point_up:

I'm still having trouble groking the behavior. I add the middleware to a vanilla RP app, and the app redirects to 5001 when I didn't explicitly set the port. That doesn't jive with "If no port is set, the request isn't redirected."

Ok ... this makes more sense now ...

var serverAddressFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
if (serverAddressFeature != null)
{
    app.UseMiddleware<HttpsRedirectionMiddleware>(serverAddressFeature);

I think you're overlooking the discovery steps, and the fact that VS can set it for you.

I'm in VSC, which I didn't think was setting it. I thought the discovery step is IServerAddressesFeature in this case.

There is conflicting info here and in the docs for the name of the environment variable: ASPNETCORE_HTTPS_PORT vs HTTPS_PORT.

The source for HttpsRedirectionMiddleware.TryGetHttpsPort() confirms that it's looking for the HTTPS_PORT variable.

To be safe, I've added both environment variables to the server with the value 443. After deploying a new ASP.NET Core 2.1 app (running behind IIS 8), I started seeing the following in the logs, and the https redirect is hit or miss:

Failed to determine the https port for redirect.

How can I determine why the redirect is working for some requests, but not others? Also, since Kestrel is running on a seemingly randomly-assigned localhost port behind IIS, where exactly is the https 443 redirect supposed to apply? To Kestrel or to IIS? IIS seems like the obvious answer here, but since I don't fully understand the concept of IIS acting as a reverse proxy for Kestrel, figured it wouldn't hurt to ask.

ASPNETCORE_HTTPS_PORT vs HTTPS_PORT.

https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-2.1#prefixes

Specifically: "The prefix is stripped off when the configuration key-value pairs are created." So you should only need to set ASPNETCORE_HTTPS_PORT. The HttpsRedirectionMiddleware looks for HTTPS_PORT because the ASPNETCORE_ prefix has already been stripped off as configuration kvp have been created.

After deploying a new ASP.NET Core 2.1 app (running behind IIS 8), I started seeing the following in the logs, and the https redirect is hit or miss.

This one seems interesting. @javiercn @Tratcher can you remind me of what the flow is when HTTPS is enabled for ANCM+Kestrel? The flakiness could be an issue though. Are you sending the same request multiple times and seeing different results?

I don’t know how it can be either flacky or wrong. HTTPS_PORT will win over ASPNETCORE_HTTPS_PORT but both should be available when Kestrel is being configured, so no idea why the middleware is producing that log entry.

I’m more inclined to think there’s an issue in the config of IIS than anything else.

@jayoma Thanks for contacting us. This is a discussion issue. If you are experiencing problems please file a separate issue in the appropriate repo (Home) and we’ll follow up there.

Note that the error is only logged once on the first request. You shouldn't get different behavior per request unless they somehow mess up their x-forwarded-proto headers.

Thanks for the replies. I'll look into this a bit more tomorrow with my particular setup, and see if I can provide better insight.

I’m more inclined to think there’s an issue in the config of IIS than anything else.

I'm intrigued by this comment; while I'm not terribly familiar with the ins and outs of our IIS configuration as a whole, this website was a pretty standard setup.

Note that the error is only logged once on the first request.

Also great to know. I was wondering why it only logged the warning once.

Clarification: Where do you set ASPNETCORE_HTTPS_PORT? IIS runs as a different user and won't pick up your user environment variables. If you changed system env vars you'd have to restart IIS.

If you changed system env vars you'd have to restart IIS.

Yes, it was set on the system env vars, and we did actually think to restart IIS, but thanks for confirming that was needed. I haven't had a chance yet to look into this further, but will update here as soon as I'm able to.

With a Self-contained deployment, is the .NET Core Hosting Bundle still needed? Turns out we have an older version of the bundle installed on our servers, and I'm unable to restart IIS on those servers at this time to test if installing the new bundle will resolve the issue.

Specifically: "The prefix is stripped off when the configuration key-value pairs are created." So you should only need to set ASPNETCORE_HTTPS_PORT. The HttpsRedirectionMiddleware looks for HTTPS_PORT because the ASPNETCORE_ prefix has already been stripped off as configuration kvp have been created.

This doesn't look to work now. I'm using .AddEnvironmentVariables() and I see ASPNETCORE_HTTPS_PORT in the list, but HttpsRedirectionMiddleware always getting null value.

That should be .AddEnvironmentVariables("ASPNETCORE_")

HTTP: 5000
HTTPS: 5001

On localhost, redirect works correctly from HTTP 5000 to HTTPS 5001. But on linux server the server redirects to HTTPS 5000 (tries to redirect to HTTP port with HTTPS).

I have set port using

services.AddHttpsRedirection(opts =>
            {
                opts.HttpsPort = 5001;
                opts.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
            });

and also I have checked that HTTPS_PORT env var is set to 5001 also, but still redirects to wrong port, but only on linux server.

// HTTPS_PORT = 5001
Console.WriteLine("HTTPS_PORT = " + Environment.GetEnvironmentVariable("HTTPS_PORT"));

We periodically close 'discussion' issues that have not been updated in a long period of time.

We apologize if this causes any inconvenience. We ask that if you are still encountering an issue, please log a new issue with updated information and we will investigate.