I'm trying to force the use of SSL from my MVC WEB application.
I've tried with redirect in the global wing, but it goes into lopping too_many_redirects.
protected void Application_BeginRequest(Object source, EventArgs e)
{
if (!Context.Request.IsSecureConnection)
{
Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
}
}
How can I force myself without falling into the redirect problem?
Response based on comment mentioning use of CloudFlare
As you use CloudFlare, the way to check the protocol is to query the HTTP_X_FORWARDED_PROTO header:
protected void Application_BeginRequest(Object source, EventArgs e)
{
if (Request.Headers["HTTP_X_FORWARDED_PROTO"] != "https")
{
Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
}
}
The explanation is as follows: In the default configuration, CloudFlare serves the site to the client over HTTPS, but requests to your server using HTTP, thus causing redirection.
Using the header above, you are identifying the actual protocol that the site was served to the end customer.