This site can’t provide a secure connection

asp.net security azure url-rewriting web-config

66,462

Solution 1

What I do personally is put that rewrite configuration into Web.Release.config precisely because it is a bit fiddly to get it working locally.

The problem is that IIS Express will expose HTTP and HTTPS on different ports, so if you redirect from http://localhost:1234 to https://localhost:1234, it simply won't work, because IIS Express is exposing HTTPS on something like https://localhost:44300.

You can enable SSL/TLS on IIS Express (and you should), but I would leave the rewrite rule only for Release mode.

Here is an example Web.Release.config file:

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <system.webServer>
    <rewrite xdt:Transform="Insert">
      <rules>
        <!-- Redirects users to HTTPS if they try to access with HTTP -->
        <rule
          name="Force HTTPS"
          stopProcessing="true">
          <match url="(.*)"/>
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" ignoreCase="true"/>
          </conditions>
          <action
            type="Redirect"
            url="https://{HTTP_HOST}/{R:1}"
            redirectType="Permanent"/>
        </rule>
      </rules>
      <outboundRules>
        <!-- Enforces HTTPS for browsers with HSTS -->
        <!-- As per official spec only sent when users access with HTTPS -->
        <rule
          xdt:Transform="Insert"
          name="Add Strict-Transport-Security when HTTPS"
          enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security"
              pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

Note that I also add HSTS here. It inserts the <rewrite> element into Web.config in Release mode. The <system.webServer> element already exists in Web.config, otherwise I would be inserting that.

Solution 2

This always solves the issue for me.

In Solution Explorer, click your project.
Hit the F4 key (view properties).
Copy the URL (NOT the SSL URL).
Paste the URL into the Project Url on the Web Tab, Save.
In Solution Explorer, click your project.
Hit the F4 key (view properties).
Change SSL Enabled to false.
Change it back to true. There should be a new SSL URL. Copy it.
Paste the new SSL URL into Project URL on Web tab. Click Create Virtual Directory.
Click Override application root URL, and paste in SSL URL. Save.

Solution 3

You will have to configure Visual Studio Server to be used with HTTPS. Please go through this link for details:
HTTPS with Visual Studio's built-in ASP.NET Development Server

66,462

Pradeep

Updated on May 12, 2022

Comments

Pradeep almost 2 years
When I added the URL rewrite code in web.config and then publish it into azure. it will automatically redirects to https even I am trying to access website with http.
```
<rewrite>
  <rules>
    <rule name="Redirect to https">
      <match url="(.*)"/>
      <conditions>
        <add input="{HTTPS}" pattern="Off"/>
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"/>
    </rule>
  </rules>
</rewrite>
```
But when I run the same code in my local machine it gives the below error.

This site can’t provide a secure connection

How can I resolve the above error when I run the above code in my local machine?
- raj'sCubicle over 6 years
  
  try this dotnetcodr.com/2015/09/18/…
- IdusOrtus about 5 years
  
  @ raj'sCubicle Thanks much. This was a far simpler solution.
- malt_man almost 5 years
  
  HELP! I followed these directions and now my project won't run on the local machine. I even back out of the changes but the web.config seems to be cached or something... How do I back out?
juunas about 7 years

IIS Express will allow using HTTPS, but it will be on a different port. This still won't solve the problem entirely. As the redirect happens to the same port, it won't be able to connect.
Pradeep about 7 years

still I am getting same error even I enabled the SSL property.
Pradeep about 7 years

Thanks Juunas, the above code shows some error on this line <rewrite xdt:Transform="Insert">. because the rewrite element doesn't allow transform attribute.
juunas about 7 years

It says a similar warning for me too, but still works. Not sure why it does that. It should not matter which element you put those on, the XML transform system doesn't care.
Pradeep about 7 years

Its working fine, But I created two config files are Web.Dev.config and Web.Prod.config. I added the rewrite code only in Web.Prod.config file, then publish it into azure its working fine. but when I published my app with Web.Dev.config file into azure still it redirects to https even I don't add the rewrite code in Web.Dev.config file.
juunas about 7 years

Well, the redirect issued by this config is permanent (HTTP 301). That means your browser will remember the rule. If I don't want users accessing the site over HTTP now, I won't want them to do so later.
Pradeep about 7 years

Thanks, for your suggestion.
Saurabh Solanki almost 5 years

changing the port for running iis express from project properties worked for me.
jonwa almost 2 years

Perfect step by step. Worked like a charm. Thank you!