Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Announcement] HTTPS redirection changes for IIS OutOfProcess in 2.2 and 3.0
See original GitHub issueHTTPS redirection changes for IIS OutOfProcess in 2.2 and 3.0
The new AspNetCoreModule for hosting via IIS OutOfProcess lights up an existing HTTPS redirection feature for both 3.0 and 2.2 applications.
Version introduced
ASP.NET Core 3.0 AspNetCoreModule 13.0.19218.0
Old behavior
The 2.1 project template first introduced support for HTTPS tools like UseHttpsRedirection and UseHsts. Https redirection required configuration to enable since apps in development do not use the default port 443. Hsts is only active if the request is already HTTPS, and skips localhost by default.
New behavior
In 3.0 the IIS HTTPS scenario was enhanced so that the application could discover the server HTTPS ports and make UseHttpsRedirection work by default. InProcess did this via the IServerAddresses feature, which only affects 3.0 applications because the InProcess library is versioned with the framework. OutOfProcess changed to automatically add the ASPNETCORE_HTTPS_PORT environment variable which affected both 2.2 and 3.0 applications because the OutOfProcess component is shared globally. 2.1 apps are not affected because they use a prior version of AspNetCoreModule by default.
The 3.0 version of AspNetCoreModule was recently deployed to Azure Web Sites and some users noticed the that this did affect their 2.2 applications as described above.
Reason for change
Improved 3.0 functionality.
Recommended action
If you want all clients to use HTTPS then no action is required. If you want to allow some clients to use HTTP then take one of the following steps:
A) Remove UseHttpsRedirection and UseHsts from your application’s Startup.cs file and redeploy the application.
Or B) Add the environment variable ASPNETCORE_HTTPS_PORT with an empty to your web.config file. This can be done directly on the server without redeploying the application.
<aspNetCore processPath="dotnet" arguments=".\WebApplication3.dll" stdoutLogEnabled="false" stdoutLogFile="\\?\%home%\LogFiles\stdout" >
<environmentVariables>
<environmentVariable name="ASPNETCORE_HTTPS_PORT" value="" />
</environmentVariables>
</aspNetCore>
Category
ASP.NET
Affected APIs
Issue metadata
- Issue type: breaking-change
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
This change only affects IIS InProc and OutOfProc where they forward the necessary information to the app to automatically activate
UseHttpsRedirection. If you don’t want auto redirection then removeUseHttpsRedirection. Setting the environment variable to empty is a short term opt-out that doesn’t require recompiling or redeploying.Bare Kestrel and HttpSys already supported auto redirection by exposing the port information via IServerAddresses. Enable or disable it by adding or removing UseHttpsRedirection.
Other reverse proxies would still need to set the
ASPNETCORE_HTTPS_PORTenvironment variable.Closing as there have been two releases with this change in it.