In this article, we shall see a few guidelines to resolve the error “Failed to determine the HTTPS port for the redirect” while configuring the HTTP Strict Transport Security (HSTS) header in your website or API.
Today in this article, we will cover below aspects,
Issue Description
ASP.NET Core API or Website runtime gives below error,
Failed to determine the HTTPS port for the redirect
Resolution
This issue generally occurs when configuring the HTTP Strict Transport Security (HSTS) header in the website or API. It is recommended to use HTTPS Vs HTTP protocol.
This is the default ASP.NET behavior where the recommendation is as below,
- The use of HSTS means all requests will be routed to HTTPS.
- Also, the ability to re-direct insecure requests(HTTP) to secure HTTPS.
Below is the sample code,
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseHttpsRedirection();
.
.
}
Above we have used middleware UseHttpsRedirection which redirects any HTTP request to a secured HTTPS request.
While redirecting the port must be available to redirect the request.
This can also be achieved by setting the variable port using any of the approaches discussed.
All the below approaches ultimately set the environment variable ASPNETCORE_HTTPS_PORT. Please see below for more details on various approaches to setting up the port.
Approach 1 – Configure X-Forwarded
headers
Configure the API middleware with ForwardedHeadersOptions to forward the two headers in the headers in Startup.ConfigureServices
.
X-Forwarded-For
X-Forwarded-Proto
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
...
...
}
Also, update the configure method as below,
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
Please note to enable this middleware as the first middleware in the API Pipeline order.
If you see any issues with the above approach, please try setting up an HTTP port explicitly to resolve the issue which can be achieved using any of the below approaches.
Approach 2- Setting up HTTP Port
If the above approach for the Proto header forward doesn’t work for you, you may try the below approach.
All the below approaches to set the environment variable ASPNETCORE_HTTPS_PORT, you can use any of the below approaches to do the same.
- Set the environment variable ASPNETCORE_HTTPS_PORT explicitly with the port number.
- Using apsettings.json , please add the key value as “https_port“: 443
{
"https_port": 443,
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
- HTTPS port can also be set by using the AddHttpsRedirection middleware option as below,
- To set the port number for https_port use configuration or call
UseSetting
by using Generic Host Builder
If the reverse proxy already handles HTTPS redirection, then don’t use HTTPS Redirection Middleware.
References :
Did I miss anything else in these resolution steps?
Did the above steps resolve your issue? Please sound off your comments below!
Happy Coding !!
Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.
Hi Admin,
I am hosting my asp.net core inside kuberneties service but port forward not working for me….
Hello Sunder Patil,
Are you getting any error or did you add any logs providing more details ? Please configure your API to work with proxy servers and load balancers using ForwardedHeaders middleware as discussed in Approach 1. Also check on port requirement and set the desired port explicitly in API.
Thank you, I used Approach 2 and solved the problem
Hi Hadiuddin, thanks! Glad it helped you!