asp.net c# 从 http 重定向到 https [英] asp.net c# redirecting from http to https

问题描述

所以在我的代码中，我想检测我的登录页面是否被称为 http，并将其重定向到 https.

So in my code I want to detect if my login page is being called http, and redirect it to https.

我知道有非代码方法可以给这只猫剥皮，但出于令人沮丧的技术原因，我支持用代码来做.

I know there are non code ways to skin this cat, but for frustrating technical reasosn I'm backed into doing it in code.

            if (!Request.IsSecureConnection)
            {
                string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
                Response.Redirect(redirectUrl);
            }

所以我把它放到我的 Page_Load(...) 中，确保我的调试器使用真正的 IIS，而不是 VS2008s IIS，然后点击调试.

So I drop this in my Page_Load(...), make sure my debugger uses real IIS, not VS2008s IIS, and hit debug.

在调试器中，华尔兹舞曲，敲击Response.Redirect("https://localhost/StudentPortal3G/AccessControl/AdLogin.aspx"),按 f5.

Inthe debugger, waltz along, hit Response.Redirect("https://localhost/StudentPortal3G/AccessControl/AdLogin.aspx"), hit f5.

获取Internet Explorere 无法显示网页，url 是 HTTP，而不是 HTTPS.没有收到信息性错误......同样的事情发生在调试器中没有运行.

Get "Internet Explorere Cannot Display the webpage, url is HTTP, not HTTPS. Not getting an informative error... same thing happens not running in the debugger.

那我错过了什么?它似乎不是火箭科学，我在很多博客上看到过类似的代码......

So what am I missing? it does not appear to be rocket science, I've seen similar code on lots of blogs...

我做错了什么?我想这一定是一个完全明显的 Rookie 错误，但我没有看到.

What am I doing wrong? I figure it has to be a totally obvious Rookie mistake, but I'm not seeing it.

推荐答案

我也会做一个 !Request.IsLocal 以确保我没有调试，但如果你是在调试时使用带有证书的真实 IIS 实例，这应该不是问题.

I'd do a !Request.IsLocal as well to make sure that I'm not debugging, though if you're using a real instance of IIS with a cert applied when debugging that shouldn't be an issue.

if (!Request.IsLocal && !Request.IsSecureConnection)
{
    string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
    Response.Redirect(redirectUrl, false);
    HttpContext.ApplicationInstance.CompleteRequest();
}

注意:此答案假定控制器内有一个 MVC 上下文，其中 HttpContext 是保存当前上下文的属性.如果您不幸仍然使用 WebForms 或以退化的方式引用上下文，您将需要使用 HttpContext.Current.ApplicationInstance.CompleteRequest().

Note: This answer assumes an MVC context within a Controller where HttpContext is a property holding the current context. If you're unlucky enough to still be using WebForms or are referencing the context in a degenerate way you will need to use HttpContext.Current.ApplicationInstance.CompleteRequest().

注意:我已将其更新为与推荐的模式一致，以根据 框架文档.

Note: I've updated this to be consistent with the recommended pattern to terminate the request according to the framework documentation.

当您在页面处理程序中使用此方法终止请求时一页并开始对另一页的新请求，将 endResponse 设置为false，然后调用 CompleteRequest 方法.如果您指定 true对于 endResponse 参数，此方法调用 End 方法原始请求，抛出 ThreadAbortException 异常当它完成时.此异常对 Web 有不利影响应用程序性能，这就是为什么为推荐使用 endResponse 参数.有关更多信息，请参阅结束方法.

When you use this method in a page handler to terminate a request for one page and start a new request for another page, set endResponse to false and then call the CompleteRequest method. If you specify true for the endResponse parameter, this method calls the End method for the original request, which throws a ThreadAbortException exception when it completes. This exception has a detrimental effect on Web application performance, which is why passing false for the endResponse parameter is recommended. For more information, see the End method.

这篇关于asp.net c# 从 http 重定向到 https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！