MVC Permanent way to use redirects for HTTP to HTTPS and turn off for Dev Environment

女生的网名这么多〃 提交于 2019-12-12 03:28:32

问题


I got this code from here.

Notice I remmed out the part that redirects to ISSExpress 44300 port because I want to use II7.5 on dev box without https.

  public class CustomRequireHttpsFilter : RequireHttpsAttribute
        {
        protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
            {
            // The base only redirects GET, but we added HEAD as well. This avoids exceptions for bots crawling using HEAD.
            // The other requests will throw an exception to ensure the correct verbs are used. 
            // We fall back to the base method as the mvc exceptions are marked as internal. 

            if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)
                && !String.Equals(filterContext.HttpContext.Request.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase))
                {
                base.HandleNonHttpsRequest(filterContext);
                }

            // Redirect to HTTPS version of page
            // We updated this to redirect using 301 (permanent) instead of 302 (temporary).
            string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;

            //if (string.Equals(filterContext.HttpContext.Request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase))
            //    {
            //    // For localhost requests, default to IISExpress https default port (44300)
            //    url = "https://" + filterContext.HttpContext.Request.Url.Host + ":44300" + filterContext.HttpContext.Request.RawUrl;
            //    }

            filterContext.Result = new RedirectResult(url, true);
            }
        }

Then, in my FilterDonfig.cs I added this. What it does is it only uses the override above if Web.config has "Debug=false", which is what it has in Production. I don't need to run Release in my development environment, and I also don't want configure local IIS to handle SSL. Notice I remmed out the "RequireHttpsAttribute()" and used the new one above.

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        if (!HttpContext.Current.IsDebuggingEnabled)
            {
            /////filters.Add(new RequireHttpsAttribute());
            filters.Add(new CustomRequireHttpsFilter());
            }
     }
}

Am I doing the right thing? Is this how to make sure SEO is optimized because search bots only keep track of one website? My understanding is that "http" and "https" are considered 2 separate websites by search engines. Am I doing this in the right place? Not sure what other code I am getting in the way of.

===============

I asked my ISP about how to do permanent redirects and suggested this solution and they said:

Dear Customer, We did not setup redirection. However, we corrected https bind setting in IIS to fix the problem.

I wonder if IIS can do the same thing and that is what they did. I hope I'm in the right forum :)


回答1:


How about doing this at an IIS level using the URL rewrite module: http://forums.iis.net/t/1153050.aspx?URL+Rewrite+for+SSL+redirection

To turn it off in dev, just set the enabled rule to false in your dev web.config, but enable it for all servers/environments that have HTTPS set up.

I've used it in the past and its worked really well. Saves cluttering your app with code that isn't app related.



来源:https://stackoverflow.com/questions/37042763/mvc-permanent-way-to-use-redirects-for-http-to-https-and-turn-off-for-dev-enviro

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!