Shulou(Shulou.com)06/02 Report--

This article is about how to solve the problem of http redirection https in asp.net core load balancing scenarios. The editor thinks it is very practical, so I share it with you. I hope you can learn something after reading this article. Let's take a look at it with the editor.

Last week, Microsoft was pleased to find that Microsoft has finally provided a solution to asp.net core's forced redirection from http to https while using load balancing.

App.UseForwardedHeaders (new ForwardedHeadersOptions {ForwardedHeaders = ForwardedHeaders.XForwardedProto}); var options = new RewriteOptions () .AddRedirectToHttpsPermanent (); app.UseRewriter (options)

But after the actual use, joy turned into disappointment-Microsoft's understanding of this problem is different from ours, so this method is not applicable to us, so we have to continue to use our native method.

Why is this? Please look at the decomposition below.

AddRedirectToHttpsPermanent has long been implemented in BasicMiddleware's RedirectToHttpsRule, and its logic is simple-- determine whether the current request is a https, and redirect if not.

If (! context.HttpContext.Request.IsHttps) {/ /.}

This straightforward judgment not only does not work well in scenarios where load balancing is used, but also has a fatal side effect-putting the request into a redirect dead loop (ERR_TOO_MANY_REDIRECTS). Because no matter whether the request from the client is http or https, there is always http between the load balancer and the back-end server (of course you can use https, but it is a waste of food when you have enough to eat). If the cloud load balancer does not provide this information, only http does not have https in the eyes of the back-end server, and http redirection https cannot be implemented at all.

From the point of view of load balancing, in order to solve this problem, this message is usually grabbed and sent through another dedicated request header, which is called "X-Forwarded-Proto".

From the perspective of asp.net core, to solve this problem, we need to bridge the gap between Request.IsHttps and X-Forwarded-Proto. So Microsoft implements the above app.UseForwardedHeaders (), which is actually done by ForwardedHeadersMiddleware-- setting Scheme according to X-Forwarded-Proto (Request.IsHttps is based on Scheme).

If (checkProto & & I < forwardedProto.Length) {set.Scheme = forwardedProto [forwardedProto.Length-I-1];}

So far, Microsoft has solved the problem perfectly, and RedirectToHttpsRule doesn't have to modify a single line of code.

But in practice, we found a big problem that we had to abandon this seemingly perfect solution.

Microsoft's solution to the http to https problem is like this: as long as the request is not https, it will be forced to jump to https (this is no problem), regardless of whether the request is forwarded by the load balancer or not (this is not thoughtful).

The problem we need to solve is: only if the original request forwarded by the load balancer is http, will it be forced to jump to https. For example, native access to the server, such as access from other docker containers, if this is also redirected, then each server (or docker container) has to deploy https certificates, which is troublesome.

One is to jump as long as it is not https, and the other is to jump only if it is forwarded http. It is because of this difference in understanding of the problem that we have to abandon Microsoft's official solution and continue to use our less elegant local approach.

RedirectToProxiedHttpsRule

Public class RedirectToProxiedHttpsRule: RedirectToHttpsRule {

Public RedirectToProxiedHttpsRule () {

Base.StatusCode = StatusCodes.Status301MovedPermanently

Base.SSLPort = null;}

Public override void ApplyRule (RewriteContext context) {

Var key = "X-Forwarded-Proto"

Var request = context.HttpContext.Request

If (request.Headers.ContainsKey (key)) {

If (request. Headers [key] .FirstOrDefault () = "http") {

Base.ApplyRule (context);}

RewriteOptionsExtensions

Public static class RewriteOptionsExtensions {

Public static RewriteOptions AddRedirectForwardedHttpToHttps (this RewriteOptions options) {options.Rules.Add (new RedirectToProxiedHttpsRule ())

Return options;}}

Use in Startup

Var options = new RewriteOptions () .AddRedirectForwardedHttpToHttps (); app.UseRewriter (options). The above is how to solve the problem of http redirecting HttpToHttps in asp.net core load balance scenarios. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.