带URL重写的HTTPS在appharbor上不起作用

Question

我在AppHarbor上托管的asp.net 3.5上构建了一个应用程序。问题是在HTTPS URL重写不起作用。以下是运行一些对SSL页面的代码：

string CurrentUrl = Request.Url.ToString(); 
string sPath = System.Web.HttpContext.Current.Request.Url.AbsolutePath;  
System.IO.FileInfo oInfo = new System.IO.FileInfo(sPath); 
string sRet = oInfo.Name;  
string sDir = oInfo.Directory.Name;  
pageName = sRet; 
if (sRet == "Register.aspx" || sRet == "Login.aspx" || sRet == "Post.aspx" || sRet == "ChangePassword.aspx" || sRet == "ChangeUserStatus.aspx" || sRet == "Verification.aspx" || sRet == "ContactInfo.aspx" || sRet == "Find.aspx" || sRet == "MyAccount.aspx" || sRet == "MyEmailAddresses.aspx" || sRet == "Load.aspx" || sRet == "MyPostedLoads.aspx" || sRet == "MySubmittedBids.aspx" || sRet == "MySavedAddresses.aspx" || sRet == "MyCarriers.aspx" || sRet == "MyPotentialLoads.aspx" || sRet == "MyFreightAlarms.aspx" || sRet == "MyFreightAlarmsPreferences.aspx" || sRet == "MyAddress.aspx" || sRet == "GetUserComments.aspx" || sRet == "MyCreditCard.aspx" || sRet == "MyWallet.aspx" || sRet == "InvoiceMe.aspx" || sRet == "MyShippers.aspx" || sRet == "MyCoWorkers.aspx" || sRet == "MyACH.aspx" || sRet == "RouteMap.aspx" || sRet == "Pricing.aspx" || sRet == "PricingPayment.aspx" || sRet == "PaymentProcessed.aspx") 
{ 
    string NewUrl = ""; 

    if (!Request.IsSecureConnection && !string.Equals(HttpContext.Current.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.OrdinalIgnoreCase)) 
    { 
     NewUrl = Regex.Replace(CurrentUrl, 
           @"^https?(://[^/:]*)(:\d*)?", 
           "https$1", 
           RegexOptions.IgnoreCase); 

     Response.Redirect(NewUrl); 
    } 
} 

而且在web.config中的URL重写规则：

<rewrite> 
    <rules> 
    <rule name="Rewrite with .aspx" stopProcessing="true"> 
     <match url="^([^\.]+)$" /> 
     <action type="Rewrite" url="{R:1}.aspx" /> 
    </rule> 
    <rule name="Redirect .aspx page requests" stopProcessing="true"> 
     <match url="(.+)\.aspx" /> 
     <action type="Redirect" url="{R:1}" /> 
    </rule> 
    </rules> 
</rewrite> 

的问题是该网页保留在无限循环并且无法正确重定向。

Answer 1

RequireHttpsAttribute：如果您使用内置的RequireHttpsAttribute来确保控制器操作始终使用HTTPS，您将会遇到重定向循环。 原因是SSL在负载平衡器级别处终止，RequireHttps无法识别它用于指示请求是使用HTTPS制作的X-Forwarded-Proto标头。

“肉”以粗体显示。

请参阅：AppHarbor SSL FAQ - 特别是疑难解答部分。

如果您在Web服务器前安装了SSL集中器或类似设备，则会出现同样的问题。这是相当常见的“云主机”环境....

H个....

Answer 2

像EDSF提到的，你所遇到的问题是，因为SSL（HTTPS）是在负载均衡的水平。意思是，所有进入你的ASP.NET应用程序的请求都是HTTP。

所以在AppHarbor运行应用程序，以下将永远是正确的：

Request : https://mysite.com/about 
--------------------------------------------------------------------------------- 
-> Request.Url.Scheme // http 
-> Request.Url.AbsoluteUri // http://mysite.com:port/about 
-> Request.issecure // false 

你重写规则都是靠protocal /方案是https，它永远不会是，导致一个无限循环。

检查在AppHarbor运行ASP.NET应用程序的HTTPS会是以下方式：

string.Equals(Request.Headers["X-Forwarded-Proto"], 
       "https", 
       StringComparison.InvariantCultureIgnoreCase); 

我还主办AppHarbor我的web应用程序，需要一个更好的解决方案，所以我创建了SecurePages项目（NuGet-GitHub）。该项目允许您使用字符串文字和正则表达式来配​​置安全/ https URL。它也强制所有其他URL使用HTTP。您还可以注册充当HTTP请求匹配规则的自定义谓词代表。所以，你可以注册一个AppHarbor检查标题：

//Secure a page  
secureUrls.AddUrl("/Register.aspx"); 

//Secure any page under /cart/* 
secureUrls.AddRegex(@"(.*)cart", RegexOptions.IgnoreCase); 

//Register a custom HTTPs match rule for AppHarbor 
SecurePagesConfiguration.RegisterCustomMatchRule(
       c => string.Equals(c.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase)); 

安全网页还支持单元测试，并与IIS快递本地浏览器的测试。