HowTo: URL rewrite to redirect HTTP to HTTPS for non-local address

Below is an answer on how to redirect from HTTP to HTTPS using the URL Rewrite module for IIS, but ignoring local addresses used when debugging one’s app. Just contributed at https://stackoverflow.com/a/75898224/903783.

Needed it for an ASP.net MVC app I’m maintaining, since due to updated policy that the authenticating organisation had decided for the SSO (Apereo CAS) configuration, we couldn’t redirect anymore back to a non-HTTPs URL (had the user used plain HTTP to access our app that is), after signing in succesfully via the SSO.

Combined URL Rewrite based answers from How to redirect HTTP to HTTPS in MVC application (IIS7.5) and from the question’s page on StackOverflow, and added "127.0.0.1" apart from “localhost” for the ignored sites.

Note that the URL Rewrite approach is by far the simplest one to add and should kick in at the web server level before the web app has any chance to process the request.

I also see {REQUEST_URI} being used instead of {R:1} and pattern="^OFF$" instead of pattern="off".

At pattern added the ignoreCase="true" too, though it might be the default (same goes for enabled="true" for the rule, handy to have there if you want to turn some rule off when debugging some rule chain)

However, wondering based on https://serverfault.com/questions/224039/iis-url-rewrite-http-to-https-with-port/418530#418530 if one needs to use SERVER_NAME instead of HTTP_HOST in the pattern if non-default ports are used and specify the port in the Redirect url too

  <system.webServer>

  <!-- … -->

    <rewrite>
        <rules>

            <rule name="HTTP to HTTPS redirect (excluding localhost)" enabled="true" 
                  stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                    <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    <add input="{HTTP_HOST}" pattern="localhost" negate="true" />
                    <add input="{HTTP_HOST}" pattern="127.0.0.1" negate="true" />
                </conditions>
                <action type="Redirect" redirectType="Permanent" 
                        url="https://{HTTP_HOST}/{R:1}" />
            </rule>

        </rules>
    </rewrite>

  <!-- … -->

</system.webServer>

Fix: Temporary or Local roaming profile message after Windows login

  Researching how to solve a “You have been logged on with a temporary profile” message on a system set up to use a roaming profile (and after I had first checked/fixed the filesystem for errors which is the classic cause for that when using local profiles) I came across this article:

http://www.grouppolicy.biz/2011/07/how-to-reset-a-roaming-profile-in-windows-7

Near the end of the article they mentioned a registry trick from

https://social.technet.microsoft.com/Forums/windows/en-US/5ec0b949-effa-4e30-ba09-dc948a4c7a8b/windows-7-starting-with-a-temporary-profile?forum=w7itprogeneral

So I tried just the registry trick without even logging into an other admin account (it was an admin account that had the problem, although I know people suggest to avoid roaming for those), that is I renamed the account’s profile key under HKLM\Windows NT\Current Version\ProfileList with an appended .bak extension (instead of backing it up externally and then deleting it) and then did log off and log on again.

To find the correct child key to rename, just check each one there and see which one has the ProfileImagePath value for the profile you’re interested in. If for the login you’re using a Microsoft account instead of a local or ActiveDirectory based one and you’re not sure which name it uses underneath, then you can type the text %userprofile% at Search on the taskbar and press ENTER to see which folder path it opens.

  All was then fine on that machine, but then the rest of the computers that were fine before started complaining that due to some problem with loading the roaming profile they loaded a local copy of it instead.

The fix I devised for that issue was to log into those computers with the problematic account, rename the key for the profile again there (adding the .bak extension), log off and log on again, then rename the key back to normal and log off and log on again. That stopped the complaining (simple log off/log on without that renaming wouldn’t fix it).

Guess what that did was to not load the roaming profile, but keep referencing it while using the local copy instead and the log off after the renaming of the key to correct value again uploaded the correct profile (from the local copy) to the server.

Note that to open regedit and restore that key’s name after logging in the 2nd time (start menu and taskbar’s search wasn’t working anymore) I had to use CTRL+SHIFT+ESC (was on a remote desktop session) and at the task manager select to see more details, then use its File/Run… menu and give regedit as the command to execute.

  Btw, I’ve also seen the Reprofiler tool being mentioned, probably it can copy the roaming profile over a local copy or vice-versa if needed – https://iwrconsultancy.co.uk/reprofiler – https://sourceforge.net/projects/reprofiler/ without having to resort to registry hacks to trick the respective service into copying in the direction one wants.