ASP.NET Webservice HTTP Redirect - asp.net

My website posts orders to partner sites using web services. Recently, one of our partners implemented load balancing on their servers and our web requests are failing because they get redirected to other URLs.
Normally when we test they pass because the URI is static but in production they fail because the requests get redirected.
e.g. redirecting from http://mysite.com/services/myservice.asmx to http://subnet.mysite.com/services/myservice.asmx
Any ideas?

Just make sure you set the AllowAutoRedirect property on the client to true.

Related

Azure App Service won't serve via HTTP

I have an ASP.net MVC app running on Azure App Service ... I've searched for the answer, but have not found it ... my app seems to always force HTTPS redirect, no matter what. All the docs say it should serve content via HTTP by default, but it does not. Most everyone has the opposite problem of needing to redirect HTTP to HTTPS.
I need Azure App Service to do the following:
1) Serve static Default.htm page via HTTP, without redirecting to HTTPS
My app has a custom domain and no SSL for the custom domain. I want the URL http://example.com/Default.htm to serve the static page, not redirect to HTTPS to serve the static page. I will use azurewebsites domain when I want users to be in HTTPS. I want to use my custom domain name to serve a static home page for users arriving at my site.
As far as I can determine, I do not have any app extensions installed (such s https redirect extension), or anything in web.config to force https, or any RequireHTTPS attributes ... can anyone explain why plain old regular boring HTTP doesn't work here?
Thanks

Redirect to https schema asp.net mvc web api request

Some web sites are sending request to https url adress. I am entering http:/somesite.com but it is going to https:/somesite.com
I am plannig to get an SSL sertificate and use https for my site. I am using asp.net mvc web api.
I want to redirect to https page my users. Should I do it with a handler, or HttpMessageHandler or directly from IIS?
trailmax has a pretty good solution for your problem in his blog. He even has some nice unit tests:)
http://tech.trailmax.info/2014/02/implemnting-https-everywhere-in-asp-net-mvc-application/

If my web site is HTTPS does every call for data or a static page have to be HTTPS also?

I have a web api application that I am considering moving to HTTPS. The reason is really just for the initial login where I would like to hide the username and password.
Once logged in do all other calls from the pages also need to be HTTPS? For example do my calls to CSS and scripts need to travel over HTTPS? How about WebAPI calls?
When referencing HTTP content from HTTPS pages, some user agents will issue warnings about "mixed content" or "insecure content" to the user, others may block the content (older versions of IE do that). GitHub solved this issue using ngnix as reverse proxy, so it serves the static content as HTTPS.
If you are only worried about the authentication, and it is cookie based, you can do the authentication in HTTPS and then get back to HTTP. The cookie will be shared as long it is not marked as Secure. Remember that both the GET request acquiring the login FORM and the POST call sending the login form should be HTTPS to be secure.
You can use the page in HTTP and do the AJAX calls in HTTPS: Ajax using https on an http page. Again, this may be useless if the auth form is not secure as well.
If your static content is hosted in a CDN, probably the CDN is able of proxying the requests to your site and return HTTPS content if required.
Static content served as HTTP won't be cached for when you request the same content through HTTPS, neither viceversa, so it will basically downloaded twice.
Also relevant, please check these 7 myths about HTTPS, specially myth #1. If you are worried about security, maybe switch completely to HTTPS is the best decision.

HTTP site to HTTPS webservice using CORS

I have an HTML5/JS website on on domain, which uses an asp.mvc web service for CORS queries on another domain.
Everything works fine with HTTP -> HTTP however as we are now adding login and authentication mechanisms for user specific content we are wanting to enable HTTPS. However it just refuses to send the options request to the web service, just gives an "Aborted" status.
I am testing using Firefox and the web service is hosted on IIS7 with a self cert (generated with SelfSSL7).
Is there any known issues around this? I did check:
Cross domain request from HTTP to HTTPS aborts immediately
However it mentions the solution is to make sure the cert is trusted, and to my knowledge SelfSSL is doing this using the /T option when I call it. So is there anything else which needs to be changed to get this working?
You will unfortunately need to manually set this in firefox, although I believe you can override this behaviour if you manually set the profile configuration.

Cannot access site through http from https server

I have a https site say with url www.example.com. On this server, I've an application which is decoupled in front-end and back-end. The front-end is a gwt application and the back-end is a REST interface.
To call the rest interface, the front-end uses https, say with a url like https://www.example.com/api
however, when I'm trying to call the front-end using http://www.example.com, it is not making the call to rest interface when i'm using https://www.example.com, it is ok. Can someone explain the reason of this problem??
https://www.example.com and http://www.example.com are different URIs and nothing requires that a web server serve up the same content for both. Presumably your server isn't configured to do so.

Resources