发表新帖
发表新帖

mvc3 https & http

后端 未结
关注
4 849
攒了一身酷
攒了一身酷 2021-01-02 04:05

I am converting an asp.net application into mvc3. Lets say I have a sign in page that requires https and every other page only needs http how can I redirect the signin to ht

相关标签:
4条回答
  • 滥情空心
    2021-01-02 04:41

    I like this solution because: 1. Cause you never have to touch it again in VS. The decorator by itself causes the browser to render the site in https even in debug.

    1. If you implement it into a base controller and have all your controllers inherit from that controller, you know there is no slipping in the back do "So to speak". 

      #if !DEBUG
#define RELEASE
#endif namespace ProjectName.UI.Controllers {
    using System.Web.Mvc;
    #if RELEASE
        [RequireHttps]
    #endif
    public abstract partial class ProjectNameBaseController : Controller
    {
    } 
}
    0 讨论(0)
  • 不思量自难忘°
    2021-01-02 04:46

    The RequireHttpsAttribute class may be what you want.

    [RequireHttps]
public ActionResult SignIn() {
   return View();
}
    0 讨论(0)
  • 庸人自扰
    2021-01-02 04:52

    the issue is that after log in all your requests are going to be https even if you don't want it

    0 讨论(0)
  • 情话喂你
    2021-01-02 04:56

    A co-worker of mine and I looked at this and believe we found a good solution. Here is what we came up with:

    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class HttpsRequiredAttribute : RequireHttpsAttribute
{
    protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        // Check to see if we're secure
        string requirestr = ConfigurationManager.AppSettings["RequireHttps"];
        bool require;
        if (bool.TryParse(requirestr, out require) && require)
            base.HandleNonHttpsRequest(filterContext);
    }       

}

    This works by extending the RequireHttpsAttribute, and can be applied to a class or method, as indicated by the AttributeTargets. We then overrode the virtual function in RequireHttpsAttribute. What the method does is check the Web.config file for a key called "RequireHttps". If it cannot find it, or it's an invalid bool value (which is what the bool.tryparse checks), then it does not require Https. If it finds the value as true, then it requires HTTPS.

    If you use this extension, you'll need to add a key in your Web.config called "RequireHttps," like so: <add key="RequireHttps" value="true"/> You can then turn off the requirement for Https by changing this variable for when you're debugging, or by changing your Web.config file to have the requirement wherever your site is deployed.

    0 讨论(0)
 看不清?
提交回复
热议问题