在ASP.NET MVC中的HTTP和HTTPS之间移动 [英] Moving between HTTP and HTTPS in ASP.NET MVC

查看:723
本文介绍了在ASP.NET MVC中的HTTP和HTTPS之间移动的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

所以,我已经找到了[RequiresHttps]属性,但是一旦你在你的HTTPS类型的卡在那里,所以要尽量能有(和方案),对一个URL的动作,我发现我已经结束了必须创建自己的ExtendedController恢复到HTTP为不使用[RequireHttps]操作。

只是想知道如果我在做什么是好的,或者是否有更好的办法?

 公共类ExtendedController:控制器
{
    受保护的虚拟无效HandleHtt prequest(AuthorizationContext filterContext)
    {
        如果(!string.Equals(filterContext.HttpContext.Request.HttpMethod,GET,StringComparison.OrdinalIgnoreCase))
        {
            抛出新的InvalidOperationException异常(无法与HTTPS和HTTP POST);
        }
        字符串的URL =HTTP://+ filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result =新RedirectResult(URL);
    }    保护覆盖无效OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
        [对象]属性= filterContext.ActionDescriptor.GetCustomAttributes(真);
        (!attributes.Any(一个=>一种是RequireHttpsAttribute))如
        {
            如果(filterContext == NULL)
            {
                抛出新的ArgumentNullException(filterContext);
            }
            如果(filterContext.HttpContext.Request.IsSecureConnection)
            {
                this.HandleHtt prequest(filterContext);
            }
        }
    }
}


解决方案

您有什么syntatically正确,但一个建议是建立一个新的Action过滤器,从默认RequireHttpsAttribute继承和接受一个参数,HTTP和HTTPS之间切换

 公共类RequireHttpsAttribute:System.Web.Mvc.RequireHttpsAttribute
{
    公共BOOL RequireSecure = FALSE;    公共覆盖无效OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext){
    如果(RequireSecure)
    {
        base.OnAuthorization(filterContext);
    }
    其他
    {
        //非安全要求
        如果(filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHtt prequest(filterContext);
        }
    }
}受保护的虚拟无效HandleNonHtt prequest(AuthorizationContext filterContext)
{
    如果(String.Equals(filterContext.HttpContext.Request.HttpMethod,GET,StringComparison.OrdinalIgnoreCase))
    {
        //重定向到页面的HTTP版本
        字符串的URL =HTTP://+ filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result =新RedirectResult(URL);
    }}

然后,在你的操作方法或控制器可以使用:

  [RequireHttps(RequireSecure =真)]

... 

  [RequireHttps(RequireSecure = FALSE)]

So I've found the [RequiresHttps] attribute but once your in https your kind of stuck there, so to try and be able to have actions on a single url (and scheme) I've found I've ended up having to create my own ExtendedController to revert back to http for actions that don't use [RequireHttps].

Just wondering if what I'm doing is okay or if there is a better way?

public class ExtendedController : Controller
{
    protected virtual void HandleHttpRequest(AuthorizationContext filterContext)
    {
        if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("Cannot post between https and http.");
        }
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        base.OnAuthorization(filterContext);
        object[] attributes = filterContext.ActionDescriptor.GetCustomAttributes(true);
        if (!attributes.Any(a => a is RequireHttpsAttribute))
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }
            if (filterContext.HttpContext.Request.IsSecureConnection)
            {
                this.HandleHttpRequest(filterContext);
            }
        }
    }
}

解决方案

What you have is syntatically correct, however a suggestion is to create a new Action filter that inherits from the default RequireHttpsAttribute and takes a parameter to switch between http and https.

public class RequireHttpsAttribute : System.Web.Mvc.RequireHttpsAttribute
{
    public bool RequireSecure = false;

    public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)

{
    if (RequireSecure)
    {
        base.OnAuthorization(filterContext);
    }
    else
    {
        // non secure requested
        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHttpRequest(filterContext);
        }
    }
}

protected virtual void HandleNonHttpRequest(AuthorizationContext filterContext)
{
    if (String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
    {
        // redirect to HTTP version of page
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }

}

Then, on your action method or controller you would use:

[RequireHttps (RequireSecure=true)]

...

or

[RequireHttps (RequireSecure=false)]

这篇关于在ASP.NET MVC中的HTTP和HTTPS之间移动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP .NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆