How to disable HTTPS redirection in Azure Website

3
votes

I have a very simple website I'm using for testing purposes that I want to support HTTP. Presently all HTTP requests are being automatically redirected to HTTPS. Here are the steps to reproduce the app:

In Visual Studio 2019 create a new ASP.NET Core Web Application. Choose ASP.NET Core 3.1 and Empty for the project template. Disable "Configure for HTTPS". Right-click the new project and select "Publish...". Publish the app to a new App Service.

After publishing browse to the website. It will redirect you to HTTPS. Here's what I've already tried to remedy this.

In the Azure portal configure the newly created app service. Ensure App service authentication is off. In TLS/SSL settings set "HTTPS Only" to off.

In Program.cs add the UseUrls option.

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseUrls("http://localhost:8001");
            webBuilder.UseStartup<Startup>();
        });

In launchSettings.json ensure the application URL uses http.

None of the above solutions have worked for me.

3
azureasp.net-corehttpsazure-web-app-service
it might be off-topic but I think it still deserves the question why you would want to run a website these days without TLS? - silent
I've submitted a Chrome bug bugs.chromium.org/p/chromium/issues/detail?id=1052852 and I need an HTTP service to demonstrate the bug so that I can easily capture the packets in Wireshark. I know I can capture SSL traffic in Wireshark, but I assumed this would be easier. - Brian Heilig
How does your startup look like? - MichaC
@MichaC It's just the default startup you get when you create an empty ASP.NET Core web application. I wanted to keep the reproducer simple so that we can focus on the problem of redirecting HTTP to HTTPS. - Brian Heilig

3 Answers

4
votes

Just tried it real quick myself and can kinda reproduce your experience. I think it is the permanent 301 returned from the azure website when HTTPS only was ON for a while and you tested your site with the setting enabled.

azure settings

Your browser will cache that response, because its a permanent redirect.

Disabling the cache in Chrome DEV tools and explicitly calling the url with http again then works just fine for me.

chrome settings

Example blank empty ASP.NET Core 3.1 site. (I didn't change anything in program or startup or settings.)

http://webapplication1020200429115511.azurewebsites.net/

4
votes

If you're getting a 307 redirect, make sure you aren't calling app.UseHttpsRedirection(); in Startup.cs (thanks https://stackoverflow.com/a/61818466/40783)

0
votes

We are not able to force HTTPS to HTTP on Azure. Because when we created the App Services service, we used azurewebsites.net wildcard certificate. We can’t make changes no matter what you do.

For more details, you can refer this post. I also personally tried the code modification and application settings on Portal. After reading this post, I understood the principle. And you can see the certificate information.

As for the debugging program you mentioned, you need to use Wireshark for packet capture analysis. I think it's good to write filtering rules, and it's not too complicated.

enter image description here