在ASP.NET MVC中的HTTP和HTTPS之间移动 [英] Moving between HTTP and HTTPS in ASP.NET MVC
问题描述
所以,我已经找到了[RequiresHttps]属性,但是一旦你在你的HTTPS类型的卡在那里,所以要尽量能有(和方案),对一个URL的动作,我发现我已经结束了必须创建自己的ExtendedController恢复到HTTP为不使用[RequireHttps]操作。
只是想知道如果我在做什么是好的,或者是否有更好的办法?
公共类ExtendedController:控制器
{
受保护的虚拟无效HandleHtt prequest(AuthorizationContext filterContext)
{
如果(!string.Equals(filterContext.HttpContext.Request.HttpMethod,GET,StringComparison.OrdinalIgnoreCase))
{
抛出新的InvalidOperationException异常(无法与HTTPS和HTTP POST);
}
字符串的URL =HTTP://+ filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result =新RedirectResult(URL);
} 保护覆盖无效OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
[对象]属性= filterContext.ActionDescriptor.GetCustomAttributes(真);
(!attributes.Any(一个=>一种是RequireHttpsAttribute))如
{
如果(filterContext == NULL)
{
抛出新的ArgumentNullException(filterContext);
}
如果(filterContext.HttpContext.Request.IsSecureConnection)
{
this.HandleHtt prequest(filterContext);
}
}
}
}
您有什么syntatically正确,但一个建议是建立一个新的Action过滤器,从默认RequireHttpsAttribute继承和接受一个参数,HTTP和HTTPS之间切换
公共类RequireHttpsAttribute:System.Web.Mvc.RequireHttpsAttribute
{
公共BOOL RequireSecure = FALSE; 公共覆盖无效OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext){
如果(RequireSecure)
{
base.OnAuthorization(filterContext);
}
其他
{
//非安全要求
如果(filterContext.HttpContext.Request.IsSecureConnection)
{
HandleNonHtt prequest(filterContext);
}
}
}受保护的虚拟无效HandleNonHtt prequest(AuthorizationContext filterContext)
{
如果(String.Equals(filterContext.HttpContext.Request.HttpMethod,GET,StringComparison.OrdinalIgnoreCase))
{
//重定向到页面的HTTP版本
字符串的URL =HTTP://+ filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result =新RedirectResult(URL);
}}
然后,在你的操作方法或控制器可以使用:
[RequireHttps(RequireSecure =真)]
...
或
[RequireHttps(RequireSecure = FALSE)]
So I've found the [RequiresHttps] attribute but once your in https your kind of stuck there, so to try and be able to have actions on a single url (and scheme) I've found I've ended up having to create my own ExtendedController to revert back to http for actions that don't use [RequireHttps].
Just wondering if what I'm doing is okay or if there is a better way?
public class ExtendedController : Controller
{
protected virtual void HandleHttpRequest(AuthorizationContext filterContext)
{
if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
{
throw new InvalidOperationException("Cannot post between https and http.");
}
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
protected override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
object[] attributes = filterContext.ActionDescriptor.GetCustomAttributes(true);
if (!attributes.Any(a => a is RequireHttpsAttribute))
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (filterContext.HttpContext.Request.IsSecureConnection)
{
this.HandleHttpRequest(filterContext);
}
}
}
}
What you have is syntatically correct, however a suggestion is to create a new Action filter that inherits from the default RequireHttpsAttribute and takes a parameter to switch between http and https.
public class RequireHttpsAttribute : System.Web.Mvc.RequireHttpsAttribute
{
public bool RequireSecure = false;
public override void OnAuthorization(System.Web.Mvc.AuthorizationContext filterContext)
{
if (RequireSecure)
{
base.OnAuthorization(filterContext);
}
else
{
// non secure requested
if (filterContext.HttpContext.Request.IsSecureConnection)
{
HandleNonHttpRequest(filterContext);
}
}
}
protected virtual void HandleNonHttpRequest(AuthorizationContext filterContext)
{
if (String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
{
// redirect to HTTP version of page
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
Then, on your action method or controller you would use:
[RequireHttps (RequireSecure=true)]
...
or
[RequireHttps (RequireSecure=false)]
这篇关于在ASP.NET MVC中的HTTP和HTTPS之间移动的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!