I try to understand a strange behavior I've never seen before.
I have a site. HTTP hostname-binding on port 80 are configured. The site are accessible on HTTP.
When I add a HTTPS binding (tried bout SNI and without) I can access the site over HTTPS. But, when I try to access the site over HTTP I get an 307-redirect to HTTPS.
I have no IIS redirect rules or URL Rewrite rules added. Also If I change the HTTPS port to another port eg. 44300, the redirects from HTTP (port 80) updates to redirect to the non-standard-port configured.
Worth to not, it's a .NET Core site. Is there a chance the application can check the IIS bindings and then do a proper redirect here?
Thanks for all your clever ideas!
Edit:
I find a reference to: Microsoft.AspNetCore.HttpsPolicy
in a json-file. I dont have the source code.
Also, if I clear the web-root and just add a static index.htm-file the magical redirect will not happen. So, something with the ASP.NET Core application, it seems to read the port number from the IIS configuration, which sounds wired to me.
.NET Core contains a default HTTP to HTTPS redirection, which can accidentally be activated when it detects the condition met. So if that's not what you desired, find the developers to disable that completely (remove
UseHttpsRedirection
from the code).Reference