用URL重写HTTPS不工作的appharbor [英] HTTPS with URL rewriting is not working on appharbor

问题描述

我已经建立其在 AppHarbor 托管在asp.net 3.5的应用程序。问题是，对HTTPS URL重写是行不通的。以下是code运行一些对SSL的网页：

I have built an application on asp.net 3.5 which is hosted on AppHarbor. The problem is that on HTTPS URL rewriting is not working. The following is the code to run some of the pages on SSL:

string CurrentUrl = Request.Url.ToString();
string sPath = System.Web.HttpContext.Current.Request.Url.AbsolutePath;      
System.IO.FileInfo oInfo = new System.IO.FileInfo(sPath);
string sRet = oInfo.Name;       
string sDir = oInfo.Directory.Name;     
pageName = sRet;
if (sRet == "Register.aspx" || sRet == "Login.aspx" || sRet == "Post.aspx" || sRet == "ChangePassword.aspx" || sRet == "ChangeUserStatus.aspx" || sRet == "Verification.aspx" || sRet == "ContactInfo.aspx" || sRet == "Find.aspx" || sRet == "MyAccount.aspx" || sRet == "MyEmailAddresses.aspx" || sRet == "Load.aspx" || sRet == "MyPostedLoads.aspx" || sRet == "MySubmittedBids.aspx" || sRet == "MySavedAddresses.aspx" || sRet == "MyCarriers.aspx" || sRet == "MyPotentialLoads.aspx" || sRet == "MyFreightAlarms.aspx" || sRet == "MyFreightAlarmsPreferences.aspx" || sRet == "MyAddress.aspx" || sRet == "GetUserComments.aspx" || sRet == "MyCreditCard.aspx" || sRet == "MyWallet.aspx" || sRet == "InvoiceMe.aspx" || sRet == "MyShippers.aspx" || sRet == "MyCoWorkers.aspx" || sRet == "MyACH.aspx" || sRet == "RouteMap.aspx" || sRet == "Pricing.aspx" || sRet == "PricingPayment.aspx" || sRet == "PaymentProcessed.aspx")
{
    string NewUrl = "";

    if (!Request.IsSecureConnection && !string.Equals(HttpContext.Current.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.OrdinalIgnoreCase))
    {
        NewUrl = Regex.Replace(CurrentUrl,
                               @"^https?(://[^/:]*)(:\d*)?", 
                               "https$1", 
                               RegexOptions.IgnoreCase);

        Response.Redirect(NewUrl);
    }
}

和在web.config中的URL重写规则：

And the rule for URL rewrite on web.config:

<rewrite>
  <rules>
    <rule name="Rewrite with .aspx" stopProcessing="true">
      <match url="^([^\.]+)$" />
      <action type="Rewrite" url="{R:1}.aspx" />
    </rule>
    <rule name="Redirect .aspx page requests" stopProcessing="true">
      <match url="(.+)\.aspx" />
      <action type="Redirect" url="{R:1}" />
    </rule>
  </rules>
</rewrite>

的问题是该网页保持在无限循环，并且不能正确地重定向

The problem is the that page remains in an indefinite loop and can not redirect properly.

推荐答案

像EDSF提到的，你所遇到的问题是因为SSL（HTTPS）在负载均衡的水平。含义，即进入你的ASP.NET应用程序的所有请求将HTTP。

Like EdSF mentioned, the problem you are experiencing is because the SSL (HTTPs) is at the load-balancer level. Meaning, all requests that come into your ASP.NET application will be HTTP.

所以在AppHarbor运行应用程序，以下将永远是正确的：

So in your application running on AppHarbor, the following will always be true:

Request : https://mysite.com/about
---------------------------------------------------------------------------------
-> Request.Url.Scheme // http
-> Request.Url.AbsoluteUri // http://mysite.com:port/about
-> Request.issecure // false

您重写规则都是靠protocal /方案为 HTTPS 键，它从不将造成一个无限循环。

You rewrite rules are relying on the protocal/scheme to be https and it never will be, causing an infinite loop.

的方式来检查在AppHarbor运行ASP.NET应用程序的HTTPS是以下内容：

The way to check for HTTPS in your ASP.NET application running on AppHarbor would be the following:

string.Equals(Request.Headers["X-Forwarded-Proto"], 
              "https", 
              StringComparison.InvariantCultureIgnoreCase);

我也主办AppHarbor我的web应用程序，需要一个更好的解决方案，所以我创建了 SecurePages 项目（的的NuGet - 的 GitHub的）。该项目允许您配置安全/ HTTPS URL以字符串以及正则表达式。这也迫使所有其他的URL使用HTTP。您也可以注册充当HTTPS请求匹配规则定制predicate代表。所以，你可以注册一个AppHarbor检查标题：

I also host my web application on AppHarbor and needed a better solution so I created the SecurePages project (NuGet - GitHub). This project allows you to configure secure/https URLs with string literals as well as regex. It also forces all other URLs to use HTTP. You can also register custom predicate delegates that act as HTTPs request matching rules. So you could register one for AppHarbor to check the headers:

//Secure a page    
secureUrls.AddUrl("/Register.aspx");

//Secure any page under /cart/*
secureUrls.AddRegex(@"(.*)cart", RegexOptions.IgnoreCase);

//Register a custom HTTPs match rule for AppHarbor
SecurePagesConfiguration.RegisterCustomMatchRule(
                c => string.Equals(c.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase));

安全网页还支持单元测试，并与IIS防爆preSS本地浏览器的测试。

Secure pages also supports Unit Testing and local browser testing with IIS Express.

这篇关于用URL重写HTTPS不工作的appharbor的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！