We Keep Coding

ASP.Net MVC RedirectToSsl Issue - c#

I am working on eCommerce app Using Asp.net 3.5 MVC.
On my Cart View I have checkout button that redirect to Checkout action on the same controller:
<%= Html.ActionLink("CheckOut", "CheckOut") %>
My controller looks like this:
[RequireSsl(Redirect=true)]
public ActionResult CheckOut()
{
return View();
}
But when I click on checkout the URL seems to be correct: (see update) https://localhost/Cart/CheckOut but I get following error:
Data Transfer Interrupted
The connection to localhost was interrupted while the page was loading.
The browser connected successfully, but the connection was interrupted while transferring information. Please try again.
Any idea what I am doing wrong?
UPD: Actually after redirection the port number is gone. (I am using ASP.Net development server). But even typing in address box correct url produce the same error

Is the site setup in IIS? If not, that could be the issue. I do not believe the Visual Studio Debugger supports SSL.

Related

1.I have tried adding the IIS Rewrite Rule which works for local environment but not in the higher environments.
2.Sitecore redirect settings is also not working.
3.Currently (localhost)/default loads the homepage and I need this to get redirected to another page of my site.
Can somebody help me to achieve this without overriding the HttpBeginRequest Processor?

public IActionResult Privacy(){return Redirect("https://google.com"); }
As you have an MVC project, requests will all route to a controller action, you can set the redirection in the corresponding action.

I have a small application running on Net core 3.1 (C#) that fails to redirect to a page when the app is published on IIS.
However upon running on Visual Studio, it works perfectly fine. I have checked the IIS logs and it gets the POST action.
Web inspection tools return a 404.
My Index View to be accessed first is as follows:
<form method="post" asp-action="Index" asp-controller="Home">
The controller is as follows:
public ActionResult Index()
{
return View();
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Index(OTPData mydata)
{
.
.
return RedirectToAction("EnterOTP")
}
When debugging to the attached process, the following window pops up:

I recommend that you use tracing to troubleshoot failed requests.
You can enable "Failed Request Tracking".
When a 404 error occurs, open the log file to view detailed error information, such as the requested URL.
Troubleshooting Failed Requests Using Tracing
You can find the place of error according to the detailed error prompt. You can also tell us the specific error message, and we can give you some suggestions or solutions based on it.

Problem:
Using an ASP.NET Core 2.1 MVC project, I'm receiving the following browser error message after using the browser back button to return to a form, where the form POST failed server-side validation:
Error message in Firefox:
Document Expired
This document is no longer available.
The requested document is not available in Firefox’s cache.
As a security precaution, Firefox does not automatically re-request sensitive documents.
Click Try Again to re-request the document from the website.
Error message in Chrome:
Confirm Form Resubmission
This webpage requires data that you entered earlier in order to be
properly displayed. You can send this data again, but by doing so you
will repeat any action this page previously performed.
Press the reload button to resubmit the data needed to load the page.
ERR_CACHE_MISS
Steps to reproduce:
Submit an HTML form post, where server-side validation fails
navigating to a different URL
click the browser back button to return to the page with the form
Notes:
It appears to be related to Response caching (https://learn.microsoft.com/en-us/aspnet/core/performance/caching/middleware?view=aspnetcore-2.1) being disabled for the Antiforgery system.
The Antiforgery system for generating secure tokens to prevent
Cross-Site Request Forgery (CSRF) attacks sets the Cache-Control and
Pragma headers to no-cache so that responses aren't cached. For
information on how to disable antiforgery tokens for HTML form
elements, see ASP.NET Core antiforgery configuration.
Which I can confirm, if you remove #Html.AntiForgeryToken() from being included in the HTML form, the browser error message goes away.
This was not an issue in ASP.NET MVC5 using the AntiForgeryToken.
Question:
In ASP.NET Core 2.1, has anyone found a way to continue to use the Antiforgery system and prevent this browser error message from being displayed when the browser back button is used?
Here's my POST action:
[HttpPost]
[ValidateAntiForgeryToken]
[ActionName("Contact-Form")]
public async Task<ActionResult> ContactForm(ContactFormViewModel cfvm)
{
if (ModelState.IsValid)
{
// << Handling of the form submit code here >>
TempData["Success"] = string.Format("Your contact request was submitted successfully!");
return RedirectToAction("Contact-Form-Success");
}
TempData["Error"] = "The form did not submit successfully. Please verify that all of the required fields are filled.";
return View();
}
Update:
I posted the question on the ASP.NET Core Docs:
https://github.com/aspnet/Docs/issues/7590

This is a not a language specific issue. This is a browser behavior. To say this was 'not an issue with ASP.NET MVC 5' is incorrect.
Solutions:
A common method of solving this is the PRG pattern which has been around since 1995.
An implementation of this for ASP.NET Core, using TempData can be found here
And I think that this link would be most helpful for you, since it demonstrates a method implemented in both MVC 5 and MVC 6.
I hope this helps!
I will try and update this post soon with a sample based on a razor-page starter project, time permitting.

When we test our program in local server the 3rd party login works fine, but that's not the case when we publish it onto the actual server. When we use 3rd party login on actual server, it didn't work.
So far what we know is our server provider is using https while our IIS server setting is using http. Could this be the cause? If not, any idea what's the problem we are encountering?
Here is the URL when we are entering account on Facebook 3rd party login page:
https://www.facebook.com/login.php?skip_api_login=1&api_key=569249369941462&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.8%2Fdialog%2Foauth%3Fredirect_uri%3Dhttp%253A%252F%252Fwww.ipce.com.tw%252Fsignin-facebook%26state%3DwXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5%26scope%3Demail%26response_type%3Dcode%26client_id%3D569249369941462%26ret%3Dlogin%26logger_id%3D2a07ffc7-acf8-ad97-0b9f-b45dcff38b39&cancel_url=http%3A%2F%2Fwww.ipce.com.tw%2Fsignin-facebook%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%26state%3DwXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5%23_%3D_&display=page&locale=zh_TW&logger_id=2a07ffc7-acf8-ad97-0b9f-b45dcff38b39
and this is the URL after we login, back to our home page but /Account/ExternalLoginCallback is not called
https://www.ipce.com.tw/?code=AQAUdHG-r1AxBOy1xkVm4sklkq-tBKn-9c_PAYqqpZmwiseTcKWAnTRJkoyeoZkiwReg_x7VSnMymQiWgqp0ZdnhlH1ypijH-FSyaca5BDCMJUS04x05CNVjrN5HvuRXdVJkv2OHwzqkTSWvkwC6S58nrRckIjroKjjGDqaWvldOt_0g8nFe_ZvLovj_hbdQs5SPE4M97CpPrm0ExudeEddEo1zn29RIMabS204kF445Hn73X90RTy7WpIqAINpcIIwK4XeAQMcoqoBQinaVRyjrNxjvKoAEXqBPBKKkdJn7u3bx94rFZXqHGGMJ6uth0rBSpDPJgtq0M1XMmYXfESjS&state=wXOgKtgLeatXfqXP-Cv-Rc5EJu7AYiWQyqyN4bqtWfgZr6ncxzc9uerpXv4uSKZoSUQpWwO5AUt2YksiIP3q05GhjVUoT94kMZD5E57a2PgMaJT8oSrXh1K9lrH3g88DF0M2jtGX-DWJl-UJ66g_neu5xx1pGsIc3NBvblBjQfWM_rR6Vt8qB16GTCMqxSsQXhH4UXRDuQY5eBLSUKS7W0SRJMzDNClgMRT-VTZ7Gvv4oYTEAXnFG6qmh41o-xT5#/_=_
I tried forcing http to https, but a server error 500 happened, I can't figure another way to fix the problem.
somebody help me please
Try 1
I set localhost server Route like this:
routes.MapRoute(
name: "SigninFacebook",
url: "signin-facebook",
defaults: new { controller = "Member", action = "ExternalLoginCallback" }
);
It works! but it responded HTTP ERROR 500.
I tried applying the setting to actual server, well, nothing happened.
It still redirect to our home page, and ExternalLoginCallback still not called.
I doubt our actual server didn't get to signin-facebook Route.

I suppose it happens because you provide redirect_uri=localhost.
This parameter is used to redirect the browser page after successful 3rd party login to provide a auth code from Facebook to your server.
It works in your test environment because your webserver is local so browser can perform redirect to localhost.
But in production environment the real domain name should be used instead of localhost.

I have hosted many ASP.NET and MVC applications before. I was playing with MVC6 lately and tried to host an MVC6 application.
Everything works fine if I host it as a new website. When I host it as an application under the default website of IIS, it only shows an empty page. Please find the log information below
warn:
Microsoft.Extensions.DependencyInjection.DataProtectionServices[0]
Neither user profile nor HKLM registry available. Using an ephemeral key repository. Protected data will be unavailable when
application exits. warn:
Microsoft.AspNet.DataProtection.Repositories.EphemeralXmlRepository[0]
Using an in-memory repository. Keys will not be persisted to storage. Hosting environment: Production Now listening on:
http://localhost:23000 Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNet.Hosting.Internal.HostingEngine[1]
Request starting HTTP/1.1 GET http://localhost/MVC6 info: Microsoft.AspNet.Hosting.Internal.HostingEngine[2]
Request finished in 0.0687ms 404
Note: Default website uses application pool asp.net4.5 and my MVC6 application uses it's own application pool as mentioned in http://docs.asp.net/en/latest/publishing/iis.html#iis-server-configuration
Anyone else faced similar problem like this? I want to know how to make it work under default website

Edit: This is a bug in vs2015 rc1 https://github.com/aspnet/Hosting/issues/416#issuecomment-149046552.
There is a workaround for this bug in above link but I followed a different method because I need to host my application in more than one website without republishing.
I resolved the above problem using the Route attribute. After adding the route attribute to an action result, application works fine
public class HomeController : Controller
{
[Route("MVC6")]
[Route("")]
public IActionResult Index()
{
return View();
}
}