Request.Url.GetLeftPart(UriPartial.Authority) returns http on https site

Question

We use Request.Url.GetLeftPart(UriPartial.Authority) to get the domain part of the site. This served our requirement on http. We recently change site to https (about 3 days ago) but this still returns with http://.. Urls were all changed to https and show in browser address bar.

Any idea why this happens?

If want to get the domain name then use this Environment.UserDomainName — Rachit Patel, Jun 03 '14 at 07:20
I want the protocol and the domain/port here, not only domain name. — kapz, Jun 03 '14 at 07:35

score 26 · Accepted Answer · edited Oct 14 '14 at 17:51

The following example works fine and returns a string with "https":

var uri = new Uri("https://www.google.com/?q=102njgn24gk24ng2k");
var authority = uri.GetLeftPart(UriPartial.Authority);
// authority => "https://www.google.com"

You either have an issue with the HttpContext class right here, or all your requests are still using http:

You can check the requests HttpContext.Current.Request.IsSecureConnection property. If it is true, and the GetLeftPart method still returns http for you, I think you won't get around a replacing here.
If all your requests are really coming with http, you might enforce a secure connection in IIS.

You should also inspect the incoming URL and log it somewhere for debugging purposes.

Your 2nd point is the problem! They've binded SSL at the DNS level (I've no idea about this). IIS only has the port 80 open so there it's still http. — kapz, Jan 16 '15 at 15:21

score 7 · Answer 2 · answered Oct 18 '18 at 13:51

This can also happen when dealing with a load balancer. In one situation I worked on, any https requests were converted into http by the load balancer. It still says https in the browser address bar, but internally it's a http request, so the server-side call you are making to GetLeftPart() returns http.

score 4 · Answer 3 · answered Aug 29 '17 at 05:07

4

If your request is coming from ARR with SSL Offloading, Request.Url.GetLeftPart(UriPartial.Authority) just get http

answered Aug 29 '17 at 05:07

heavenwing

588
4
7

nimblebit · Answer 4 · 2023-05-16T14:51:35.193

On a load balanced site you can check if it is running using ssl with the following...

String.Equals(Request.ServerVariables["HTTP_X_FORWARDED_PROTO"], "https", StringComparison.OrdinalIgnoreCase);

On a site without load balancer the following should work...

HttpContext.Current.Request.IsSecureConnection

Alternative solution for GetLeftPart. You can check for both when determining if the connection is https and build the path

// get domain including scheme
bool isSecureConnection = HttpContext.Current.Request.IsSecureConnection;

if (!isSecureConnection)
{
    isSecureConnection = String.Equals(Request.ServerVariables["HTTP_X_FORWARDED_PROTO"], "https", StringComparison.OrdinalIgnoreCase);
}

string scheme = isSecureConnection ? "https" : "http";
string domain = string.Format("{0}://{1}/", scheme, HttpContext.Current.Request.Url.Authority);

Source: https://www.bugdebugzone.com/2013/12/identifying-https-or-ssl-connection-in.html

Request.Url.GetLeftPart(UriPartial.Authority) returns http on https site

4 Answers4