在负载平衡器之后进行MVC HTTPS重定向 [英] MVC HTTPS redirection when behind a load balancer
问题描述
我在Amazon Elastic Load Balancer后面的Amazon EC2上的某些IIS服务器中使用MVC5. IIS服务器仅运行HTTP协议,而ELB会转换为HTTPS.
I'm using MVC5 in some IIS servers on Amazon EC2, behind a Amazon Elastic Load Balancer. IIS servers runs only HTTP protocol, and ELB converts to HTTPS.
IIS服务器不知道用户是否通过HTTPS访问,因此我有一个重写规则,检查"X-Forwarded-Proto"标头以将用户重定向到HTTPS.
IIS server doesn't know if user is accessing thru HTTPS, so I have a rewrite rule checking "X-Forwarded-Proto" header to redirect user to HTTPS.
不幸的是,当需要登录时,MVC/IIS会将用户重定向到HTTP中的登录页面.
Unfortunately, when a login is required, MVC/IIS redirects user to a logon page in HTTP.
如果我使用 http://www.redirect-checker.org/我得到以下类型的结果:
If I check my website in a tool like http://www.redirect-checker.org/ I get these type of results:
301永久移动(我的URL重写规则)
301 Moved Permanently (my URL rewrite rule)
找到302(需要登录重定向->为什么要使用HTTP?)
302 Found (Login-required redirect -> why to HTTP?)
http://example.com/Account/Logon?ReturnUrl=%2F
301永久移动(再次按照我的URL重写规则)
301 Moved Permanently (again my URL rewrite rule)
https://example.com/Account/Logon?ReturnUrl=%2F
200好
我想念什么吗?
我可以配置登录重定向以保留协议,从而消除这些重定向之一吗?
Can I configure login-redirect to keep protocol, eliminating one of these redirects?
更好的是,为了只进行一次重定向,我可以以某种方式优先于登录重定向规则并使其强制HTTPS吗?
Better yet, can I somehow precede login-redirect rule and make it force HTTPS, in order to have only one redirect?
非常感谢!
附录: 我检查了诸如"RedirectToAction"之类的命令是否发送了诸如"/Index2"之类的地址,而不是整个" http://example.com/Index2 ".很好,所以它保留了用户协议.
Appendix: I checked that commands like "RedirectToAction" send address like "/Index2", not the whole "http://example.com/Index2". This is fine, so it keeps the user protocol.
推荐答案
假定您正在使用ASP.NET表单身份验证,请在web.config
中查看您的Authentication
配置,并将requireSsl="true"
添加到<forms>
元素,如下所示:
Assuming you're using ASP.NET forms authentication, have a look in your web.config
for your Authentication
configuration and add requireSsl="true"
to the <forms>
element, as below:
<authentication mode="Forms">
<forms loginUrl="~/Account/LogOn" timeout="2880" requireSSL="true" />
</authentication>
这篇关于在负载平衡器之后进行MVC HTTPS重定向的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!