TheFogger

Reputation: 2429

How to make the cookie authentication middleware redirect to https URIs?

I am using cookie authentication without ASP.NET Core Identity. For unauthenticated requests, the middleware redirects the browser to a login page. The target URI of the redirect is always using the http scheme, even though the initial request is using HTTPS. I want the redirect to always use HTTPS, but I cannot figure out how to make that work.

Here is what I found so far:

  1. It works when I run Kestrel locally.
  2. It does not work on my web host.
  3. My web host is using IIS as a reverse proxy for Kestrel.
  4. HTTPS requests reach the hosted Kestrel as http.
  5. The cookie authentication middleware uses the request scheme to build the redirection URI. Because of 4) this always results in a redirect to an http-URI.

How do I resolve this? Can I configure IIS to use HTTPS to communicate with Kestrel or can I just somehow force the middleware to output https-URIs?

Upvotes: 0

Views: 309

Answers (1)

Edward

Reputation: 30046

For app.UseHttpsRedirection();, you need to specify the HTTPS Port.

Turn to launchSettings.json and change the iisSettings.iisExpress.sslPort to a valid port number like 44371.

If you fail to launch the project after specifying the port, try Project Property -> Debug -> check Enable SSL -> Save.

Upvotes: 0
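
Added example, not part of the original question or answer: points 4 and 5 of the question describe a TLS-terminating proxy, so one way to give the cookie handler the original scheme is the forwarded headers middleware. This assumes ASP.NET Core 6+ minimal hosting and a proxy that sends `X-Forwarded-Proto`; the `/login` and `/secret` paths are hypothetical.

```csharp
// Program.cs - added example; assumes the reverse proxy sets X-Forwarded-Proto.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.HttpOverrides;

var builder = WebApplication.CreateBuilder(args);

builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders =
        ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    // By default only loopback proxies are trusted, which fits a proxy on the
    // same machine as Kestrel. For a proxy on another host, add its address:
    // options.KnownProxies.Add(System.Net.IPAddress.Parse("203.0.113.10")); // constructed address
    // Do not clear KnownProxies/KnownNetworks to "make it work": any client
    // could then send X-Forwarded-Proto and choose the scheme the app sees.
});

builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        options.LoginPath = "/login"; // hypothetical login path
        // Mark the auth cookie Secure even though Kestrel itself sees plain http.
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });
builder.Services.AddAuthorization();

var app = builder.Build();

// Must run before authentication: it rewrites Request.Scheme to "https"
// from the trusted header, and the cookie handler builds the login
// redirect from Request.Scheme.
app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/login", () => "login page placeholder");
// Unauthenticated requests to /secret trigger the login redirect.
app.MapGet("/secret", (HttpContext ctx) => $"scheme seen by app: {ctx.Request.Scheme}")
   .RequireAuthorization();

app.Run();
```

To check the result, request `/secret` through the proxy without a cookie and inspect the `Location` header of the 302 response; it should start with `https://`.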
