RequireHttps causes redirect loop on Amazon Elastic Load Balancer

Asked 27/8, 2012 at 14:42 Answered 24/6, 2016 at 18:10

Solved asp.net-mvc ssl amazon-web-services load-balancing

I have an ASP.NET MVC 4 application running behind Amazon's elastic load balancer. Everything works OK when I install my SSL certificate on the load balancer and the web server and terminate SSL at the web server layer.

However, when I attempt to terminate at the load balancer layer, forwarding internal traffic from the load balancer to web servers un-encrypted on port 80, the RequireHttps attribute causes a redirect loop. This seemingly makes sense as it is requesting an encrypted channel and doesn't know that it is getting one (between the browser and load balancer). Has anyone run into this same issue? Any suggestions would be appreciated!

Edit: The solution

The following links may be useful to anyone else who runs into this issue:

MVC3, RequireHttps and custom handler result in http 310

https://gist.github.com/915869

Matriculation answered 27/8, 2012 at 14:42 Comment(0)

It seems that to use this functionality on AWS, you look at the "X-Forwarded-Proto" HTTP header item. If the initial request is HTTPS, the load balancer injects the header and it says "https". If it's HTTP, it says, "http".

Answer found here: http://aws.typepad.com/aws/2010/10/keeping-customers-happy-another-new-elastic-load-balancer-feature.html

Propel answered 27/8, 2012 at 23:31 Comment(0)

I was experiencing the same issue I found that the following RequireHttpsAttribute filter worked for me.

public class SSLFilter : RequireHttpsAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsLocal ||
            (filterContext.RequestContext.HttpContext.Request.Headers.AllKeys.Contains("X-Forwarded-Proto") &&
            filterContext.RequestContext.HttpContext.Request.Headers.Get("X-Forwarded-Proto").ToLower().Equals("https")))
        {
            return;
        }

        base.OnAuthorization(filterContext);
    }
}

Allegorize answered 1/7, 2015 at 7:32 Comment(1)

Implemented this and got ' took too long to respond.' Is there something else I'm missing? – Monosaccharide 12/9, 2016 at 10:32

I provided a solution for this in the following link: https://mcmap.net/q/1478006/-requirehttpsattribute-with-netcore-rc2-causes-http302-redirect-loop-on-azure#=

Which says:

You can work around this by adding the following lines to ConfigureServices in Startup.cs (and add "using Microsoft.AspNetCore.HttpOverrides;")

services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders = ForwardedHeaders.XForwardedProto;
        });

Tensive answered 24/6, 2016 at 18:10 Comment(0)

Recommended topics

Hot tags