1

I try to understand a strange behavior I've never seen before.

I have a site. HTTP hostname-binding on port 80 are configured. The site are accessible on HTTP.

When I add a HTTPS binding (tried bout SNI and without) I can access the site over HTTPS. But, when I try to access the site over HTTP I get an 307-redirect to HTTPS.

I have no IIS redirect rules or URL Rewrite rules added. Also If I change the HTTPS port to another port eg. 44300, the redirects from HTTP (port 80) updates to redirect to the non-standard-port configured.

Worth to not, it's a .NET Core site. Is there a chance the application can check the IIS bindings and then do a proper redirect here?

Thanks for all your clever ideas!

Edit:

I find a reference to: Microsoft.AspNetCore.HttpsPolicy in a json-file. I dont have the source code.

Also, if I clear the web-root and just add a static index.htm-file the magical redirect will not happen. So, something with the ASP.NET Core application, it seems to read the port number from the IIS configuration, which sounds wired to me.

Sam
  • 370
  • 1
  • 4
  • 18
  • Check the web.config file, maybe something added a rule in the file while publishing. – Swisstone Jan 13 '21 at 12:26
  • No, no rules there. Note It's also auto changes if the port are changed from 443 to 44300 or similar... – Sam Jan 13 '21 at 12:36

1 Answers1

2

.NET Core contains a default HTTP to HTTPS redirection, which can accidentally be activated when it detects the condition met. So if that's not what you desired, find the developers to disable that completely (remove UseHttpsRedirection from the code).

Reference

Lex Li
  • 1,235
  • 8
  • 10
  • Yes, this is according to my understanding after replacing the .NET Core application with a static page. I'm still curious about how the application can determine the custom (non-standard-port) from the IIS bindings configuration. The application shall use HTTPS in future, but currently (during deployment/test) I don't have the HTTPS port opened from outside. I can understand the beauty of having the redirect in code. But I tend to like having hosting specific settings in configuration. – Sam Jan 14 '21 at 08:08
  • 1
    @Sam it can easily learn IIS settings because ASP.NET Core module is there to assist. – Lex Li Jan 14 '21 at 14:14