I followed the steps here to enforce SSL on my ASP.NET web API, but it always ends up in an infinite loop. What could I be doing wrong? The environment is Windows Server 2016 running in an AWS EC2 VM.
Reverse proxies often terminate ssl so the back end app doesn't know. They should include the original scheme in a header. Use UseForwardedHeaders for processing these. Have a look at this issue on GitHub.