In this article, we shall see a few guidelines to resolve the error “Failed to determine the HTTPS port for the redirect” while configuring the HTTP Strict Transport Security (HSTS) header in your website or API.

Today in this article, we will cover below aspects,

Issue Description

ASP.NET Core API or Website runtime gives below error,

Failed to determine the HTTPS port for the redirect

Resolution

This issue generally occurs when configuring the HTTP Strict Transport Security (HSTSheader in the website or API. It is recommended to use HTTPS Vs HTTP protocol.

This is the default ASP.NET behavior where the recommendation is as below,

  • The use of HSTS means all requests will be routed to HTTPS.
  • Also, the ability to re-direct insecure requests(HTTP) to secure HTTPS.

Below is the sample code,

 
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }

            app.UseHttpsRedirection();

.
.

     }
   

Above we have used middleware UseHttpsRedirection which redirects any HTTP request to a secured HTTPS request.

While redirecting the port must be available to redirect the request.

This can also be achieved by setting the variable port using any of the approaches discussed.

All the below approaches ultimately set the environment variable ASPNETCORE_HTTPS_PORT. Please see below for more details on various approaches to setting up the port.

Approach 1 – Configure X-Forwarded headers

Configure the API middleware with ForwardedHeadersOptions to forward the two headers in the headers in Startup.ConfigureServices.

  • X-Forwarded-For 
  • X-Forwarded-Proto 

  public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
       ...
       ...

        }

Also, update the configure method as below,

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseForwardedHeaders();

        if (env.IsDevelopment())
        {
             app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseHsts();
        }

Please note to enable this middleware as the first middleware in the API Pipeline order.

If you see any issues with the above approach, please try setting up an HTTP port explicitly to resolve the issue which can be achieved using any of the below approaches.

Approach 2- Setting up HTTP Port

If the above approach for the Proto header forward doesn’t work for you, you may try the below approach.

All the below approaches to set the environment variable ASPNETCORE_HTTPS_PORT, you can use any of the below approaches to do the same.

  • Set the environment variable ASPNETCORE_HTTPS_PORT explicitly with the port number.

  • Using apsettings.json , please add the key value as “https_port“: 443

{
    "https_port": 443,

    "Logging": {
        "LogLevel": {
            "Default": "Information",
            "Microsoft": "Warning",
            "Microsoft.Hosting.Lifetime": "Information"
        }
    },
    "AllowedHosts": "*"
}

  • HTTPS port can also be set by using the AddHttpsRedirection middleware option as below,

Failed to determine the HTTPS port for the redirect

  • To set the port number for https_port use configuration or call UseSetting by using Generic Host Builder

HSTS Failed to determine the HTTPS port for the redirect

If the reverse proxy already handles HTTPS redirection, then don’t use HTTPS Redirection Middleware. 

References :

Did I miss anything else in these resolution steps?

Did the above steps resolve your issue? Please sound off your comments below!

Happy Coding !!



Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.



4 thoughts on “Resolved-Failed to determine the HTTPS port for the redirect

    1. Hello Sunder Patil,

      Are you getting any error or did you add any logs providing more details ? Please configure your API to work with proxy servers and load balancers using ForwardedHeaders middleware as discussed in Approach 1. Also check on port requirement and set the desired port explicitly in API.

Leave a Reply

Your email address will not be published. Required fields are marked *