HTTPS redirection on IIS for .NET application

Question

I have an IIS .NET application listening on two ports:

• http port 8282 (a legacy link)
• https port 8283

I would like to redirect the http port to the https binding.

I have created a redirect rule as per below. I have also disabled "Enforce SSL".

When I try to access the app via http the url changes from http to https but the port stays the same. Edge browser returns this error:

The connection for this site is not secure sent an invalid response. ERR_SSL_PROTOCOL_ERROR

Redirect rule:

<rewrite>
    <rules>
        <rule name="HTTPS force" enabled="true" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

I also tried adding the following in Program.cs

builder.Services.AddHttpsRedirection(options =>
{
    options.RedirectStatusCode = (int)HttpStatusCode.PermanentRedirect;
    options.HttpsPort = builder.Configuration.GetValue<int>("https_port");
});

Answer 1

The variable {HTTP_HOST} contains not only the host but also the port when using IISUrlRewriteOptions. As described in this thread.

Your project is running on ports 8282 (http) and 8283 (https), when you use your rule to redirect all clients to HTTPS, it will cause http to be correctly rewritten to https , but the port will still be 8282. You need to specify the port number in the redirect URL. Please try the following rule:

<rewrite>
    <rules>
        <rule name="HTTPS force" enabled="true" stopProcessing="true">
            <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
            </conditions>
            <action type="Redirect" url="https://{server_name}:8283/{R:1}" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>