Can't get HTTPS to work on Azure Websites

[flagbug]

I've deployed my ASP.NET Core 1.0 app to Azure Websites, but for some reason, I can't get HTTPS to work.

These are the package versions I'm using:

 "Microsoft.AspNetCore.Authentication.JwtBearer": "1.0.0-rc2-16406",
        "Microsoft.AspNetCore.Cors": "1.0.0-rc2-16272",
        "Microsoft.AspNetCore.HttpOverrides": "1.0.0-rc2-16207",
        "Microsoft.AspNetCore.Identity": "1.0.0-rc2-16485",
        "Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.0-rc2-16485",
        "Microsoft.AspNetCore.IISPlatformHandler": "1.0.0-rc2-16276",
        "Microsoft.AspNetCore.Mvc": "1.0.0-rc2-17116",
        "Microsoft.AspNetCore.Server.Kestrel": "1.0.0-rc2-16448",
        "Microsoft.EntityFrameworkCore.Commands": "1.0.0-rc2-16937",
        "Microsoft.EntityFrameworkCore.SqlServer": "1.0.0-rc2-16937",
        "Microsoft.Extensions.Configuration.Binder": "1.0.0-rc2-15952",
        "Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc2-16100",
        "Microsoft.Extensions.Configuration.Json": "1.0.0-rc2-16100",
        "Microsoft.Extensions.Logging": "1.0.0-rc2-16119",
        "Microsoft.Extensions.Logging.Console": "1.0.0-rc2-16119",
        "Microsoft.Extensions.Logging.Debug": "1.0.0-rc2-16119",
        "OpenIddict.Core": "1.0.0-alpha2-0148",
        "OpenIddict.EF": "1.0.0-alpha2-0148"

With DNX 1.0.0-rc2-16551

My startup class looks like this: https://gist.github.com/flagbug/3558413482511986421c

My web.config file contains the following entry to force HTTPS:

<rewrite>
      <rules>
        <clear />
        <rule name="Redirect to https" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>

To determine the scheme a request is using, I'm using

app.Use(next => context =>
{
    var scheme = context.Request.Scheme;

     // Log the scheme here

     return next(context);
});

which always returns "http", even though I'm calling my site on a https address

// cc @PinpointTownes who was interested in this issue

[halter73]

You need to add the "Microsoft.AspNetCore.Server.Kestrel.Https" and call app.UseKestrelHttps in your Startup.Configure method.

This guide shows how to do the full setup including exporting certs. Since you are using rc2, you shouldn't need to use the ChangeContextToHttps workaround in that blog post.

If all else fails, you can see if you can get the Kestrel sample working which uses HTTPS.

[flagbug]

@halter73 I thought that since I'm using Azure Websites, I'm forced to use IIS?

[halter73]

IIS is actually forwarding requests to Kestrel using the HttpPlatformHandler IIS module that proxies requests to Kestrel. The following announcement covers some of the reasoning behind this decision: aspnet/Announcements#69

However, you're right that you probably should be using IIS for SSL/TLS termination. Did you try following the steps in this guide? https://azure.microsoft.com/en-us/documentation/articles/web-sites-dotnet-deploy-aspnet-mvc-app-membership-oauth-sql-database/#enable-ssl-for-the-project

BTW, does the browser establish an HTTPS connection and it's just the middleware that is showing the wrong scheme?

[kevinchalet]

@halter73 FYI, @flagbug's bug is caused by recent changes in the override middleware. I've posted more details there: aspnet/BasicMiddleware#18 (comment)

[aspnet-hello]

This issue is being closed because it has not been updated in 3 months.

We apologize if this causes any inconvenience. We ask that if you are still encountering this issue, please log a new issue with updated information and we will investigate.