Why does Request.IsSecureConnection return false when true is expected

I have an aspx page which is checking Request.IsSecureConnection to ensure it is true, if not it does a redirect to the the secure page at https://www.domain.com/page.aspx.

The server has an SSL cert installed for the domain, and the browser shows the padlock icon.

The same code ran fine on a different server, but now Request.IsSecureConnection always returns false.

I have created a completely empty aspx file, that just prints the return value of Request.IsSecureConnection and it is still false, so there is no other content coming from a standard http request.

Could anyone suggest what might be causing this, or give any hints on how I might find out what is causing this to always return false?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

If there’s a load balancing router or similar in front of your web server with ssl termination then the connection from there to your web server won’t be over SSL. In this case you usually have to check for a connection on a specific port or for headers being set by the load balancer.

Method 2

Some load balancers add a new header to the request which you can use to determine if the original request from client came over SSL. With Azure websites the following code seems to work:

if (string.IsNullOrEmpty(Request.Headers["x-arr-ssl"]))
{
     // No SSL
}
else
{
     // Secure connection
}

Some other load balancers may use another header, for example X-Forwarded-Proto.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x