远程需要 HTTPS MVC 5 [英] Remote Require HTTPS MVC 5
问题描述
我有以下属性来确保远程站点页面以 https 模式打开.
I have the following attribute to make sure that the remote site page opens in https mode.
public class RemoteRequireHttpsAttribute : RequireHttpsAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentException("Filter Context");
}
if (filterContext != null && filterContext.HttpContext != null)
{
if (filterContext.HttpContext.Request.IsLocal)
{
return;
}
else
{
string val = ConfigurationManager.AppSettings["RequireSSL"].Trim();
bool requireSsl = bool.Parse(val);
if (!requireSsl)
{
return;
}
}
}
base.OnAuthorization(filterContext);
}
}
本地开发现在工作正常,因为我不希望它以 https 模式打开.
Local development now work normal since i don't want it to open in https mode.
开发站点以 https 模式打开页面 - 这里没有问题(单节点).
Dev site opens the page in https mode - no issues here (single node).
我当前设置的生产(负载平衡 - 2 个节点)站点出现以下错误.请注意,dev 和 prod 站点具有相同的设置和 web.config
Where as the production (load balanced - 2 nodes) site that i am currently setting up is giving me following error. Please note that dev and prod sites have the same setings and web.config
页面没有正确重定向
Firefox 检测到服务器正在以永远不会完成的方式重定向对该地址的请求.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
此问题有时可能是由于禁用或拒绝接受 cookie 造成的.
This problem can sometimes be caused by disabling or refusing to accept cookies.
开发网站网址就像http://dev.datalab.something.org
产品网站网址就像http://datalab.something.org
这里是电话
[RemoteRequireHttps]
public ActionResult Index(string returnUrl, string error)
我在这里遗漏了什么?
更新 1: 我的管理员已确认已在 lad balancer 级别设置 SSL 终止.我查看了 iis 站点设置,但没有看到 https 绑定.我只看到 http 绑定.他是否也需要设置 https 绑定?
Update 1: My admin has confirmed that the SSL termination has been setup at the lad balancer evel. I have looked at the iis site setup and i don't see https bindings. I only see http binding. Does he need to setup https bindings as well?
更新 2:@AlexeiLevenkov 为我指明了正确的方向和这篇文章 有我使用的代码并且它正在工作.将代码移动到单独的答案中.
Update 2: @AlexeiLevenkov pointed me to the right direction and this post had the code that I utilized and it is working. MOVED the code into a separate answer.
推荐答案
您的站点位于执行 SSL 终止的负载平衡器之后 - 因此,无论用户看到什么,所有传入您站点的流量都是 HTTP.这会导致您的代码总是尝试重定向到 HTTPS 版本,从而导致无限循环.
Your site is behind load balancer that does SSL termination - so as result all incoming traffic to your site is HTTP irrespective what user sees. This causes your code to always try to redirect to HTTPS version and hence infinite loop.
修复选项:
- 通常执行 SSL 终止的负载平衡器会通过自定义标头转发原始 IP/协议.x-forwarded-proto 和
x-forwarded-for是用于此目的的常用代码.如果使用这些标头或需要一些额外的配置,您可能需要与网络管理员核对 - 或者,您可以关闭 SSL 终止,但这会给您的服务器带来额外的负载.
- 还可以配置负载平衡器,以与传入请求相同的协议与服务器通信.
- Usually load balancer that does SSL termination will forward original IP/protocol via custom headers. x-forwarded-proto and
x-forwarded-forare common ones to be used for this purpose. You may need to check with network admins if these headers used or some additional configuration is needed - Alternatively you can turn off SSL termination, but it will put additional load on your server.
- One can also configure load balancer to talk to server with the same protocol as incoming request.
如何调查此类问题:
- 查看 http 调试器(如 Fiddler),看看您是否在循环中收到 30x 重定向请求.如果没有重定向 - 可能是代码错误.
- 如果您看到重复的重定向,则可能意味着站点没有看到实际的请求信息 - 可能是协议、路径 cookie 丢失.
- 要继续调查,看看用户和服务器之间有哪些设备(CDN、代理、负载平衡器等)——每个设备都有很好的机会丢失一些日期或转换协议.
这篇关于远程需要 HTTPS MVC 5的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
