HTTP to HTTPS Browser issue

Question

I been searching about this issue about a couple of days and done pretty much research but I just can't figure this out.

I'm trying to control my pages to redirect them to http or https whatever I need it or not.

I created an attrubte to put above every page which I need to run in HTTPS

[AttributeUsage(AttributeTargets.Class)]
public sealed class RequireSSL : Attribute { }

Then I have a HttpModule running to check every page on request.

public class DartsGhentPipeline : IHttpModule
    {
        public void Init(HttpApplication context)
        {
            context.PreRequestHandlerExecute += Context_PreRequestHandlerExecute;
        }

        private void Context_PreRequestHandlerExecute(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender;
            HttpRequest request = application.Request;
            HttpResponse response = application.Response;
            Page page = application.Context.CurrentHandler as Page;

            if (page == null)
                return;

            bool requireSSL = page.GetType().GetCustomAttributes(typeof(RequireSSL), true).Length > 0;
            bool isSecureConnection = request.IsSecureConnection;
            string url = string.Format("{0}://www.dartsghent.be{1}", requireSSL ? Uri.UriSchemeHttps : Uri.UriSchemeHttp, HttpContext.Current.Request.RawUrl);

            if (requireSSL != isSecureConnection)
                response.RedirectPermanent(url);
        }

        public void Dispose() { }
    }

Problem here is, when I redirect to the same url or any other. The browser refuses to switch from http to https or the other way around which result in a redirect loop and the browser will prevent this from happening.

I have found my website would run perfectly when I alternate my url with www. or without the www. but I can't use this on subwebsite where I have test.dartsghent.be

can anyone tell my how I can fix this and please without the urlrewriter module pls.

any help is appreciated

Note: I'm not using MVC

Here is en example of Chrome output.

As you can see the page keeps redirecting itself. I'm using the RedirectPermanent(url) to https but even tho the redirect gets triggered its not moving to https so it keeps trying.

What do you mean "the browser refuses to switch" ? Are you seeing the correct redirect header being set in the response (use your browser developer tools)? What is the unexpected browser behavior, exactly? — John Wu, Jun 19 '17 at 19:54
In Chrome I got the following behavior http://dartsghent.be --> https://wwww.dartsghent.be = success http://dartsghent.be --> https://dartsghent.be = page will remain on the http protocol — Davy Quyo, Jun 20 '17 at 03:54
The more I test, The more I think the problem is in the redirect. even tho I'm clearly telling my redirect to go to a https link. it looks like the redirect is moving my redirecting itself to the same protocal as it is currently in as long the domain is the same. Any solutions about that ? — Davy Quyo, Jun 20 '17 at 04:10

score 1 · Answer 1 · answered Jun 19 '17 at 19:03

1

Assuming this is ASP.NET MVC...

This functionality already exists in MVC v4 via the System.Web.Mvc.RequireHttpsAttribute class.

answered Jun 19 '17 at 19:03

Sam Axe

33,313
9
55
89

yeah. I'm not using MVC. – Davy Quyo Jun 19 '17 at 19:04
Then you really need to give us that information up front. – Sam Axe Jun 19 '17 at 19:04
1

I did an edit on my post. thought we wouldn't go there sinse I didn't tag MVC – Davy Quyo Jun 19 '17 at 19:06
Telling us what you're NOT using is not terribly useful. How about adding tags to your question indicating the tech you are using? – Sam Axe Jun 19 '17 at 19:09

score 0 · Answer 2 · answered Jun 19 '17 at 19:21

0

You are hard-coding www.blah... for your url variable.

If you want to use sub-domains you need to interrogate the original request:

string url = requireSSL ? Uri.UriSchemeHttps : Uri.UriSchemeHttp +
             request.Host +
             request.AbsolutePath +
             request.Query;

This is off the top of my head. Inspect the resulting string and adjust accordingly.

answered Jun 19 '17 at 19:21

Sam Axe

33,313
9
55
89

I got my example from another guid on the net and adapted only a litle. Still your solution won't fix my problem to switch between http and https – Davy Quyo Jun 19 '17 at 19:49

Davy Quyo · Accepted Answer · 2017-07-06T15:45:39.460

I did more research and found the problem is in my redirect function. when you redirect to the same domain then it won't change the protocol. so what I did is to check the domain if www. is in front it or not and then redirect to the domain with the www. in front of it there isn't one.

Incase of a subdomain this would be harder so I would have to redirect to another page first. else the browser ends up in a loop.

seems a bit drastic for me but its the only way I get it to work.

HTTP to HTTPS Browser issue

3 Answers3