ASP.NET MVC Futures RequireSSL Attribute and Authorize Attribute Together

Question

Is anyone successfully using both the Authorize and RequireSSL (from MVC futures) attributes together on a controller? I have created a controller for which I must enforce the rule that the user must be logged in and using a secure connection in order to execute. If the user is not on a secure connection, I want the app to redirect to https, thus I am using Redirect=true on the RequireSSL attribute. The code looks something like (CheckPasswordExpired is my homegrown attribute):

[Authorize]
[RequireSsl(Redirect = true)]
[CheckPasswordExpired(ActionName = "ChangePassword",
    ControllerName = "Account")]
[HandleError]
public class ActionsController : Controller
{
    ....
}

mysite.com/Actions/Index is the default route for the site and also the default page to redirect to for forms authentication.

When I browse to http://mysite.com, what I want to get is the user redirected to a secure connection, and because they are not authenticated yet, to the login page. What I get is an HTTP 400 error (Bad Request). If I navigate to http://mysite.com/Account/Login, the redirect works, but neither my Account controller nor Login action method have the [Authorize] attribute.

Anyone have any experience with using these two attributes together to achieve my objective?

Thanks!

Recommended answer

I'm using both of them with success. Do you have the attributes on your default action?

public class HomeController : BaseController
{
  [Authorize]
  [RequireSsl]
  public ActionResult Index ()
  {
    // return a result so the action compiles
    return View ();
  }
}

BTW I'm using a slightly modified version than the futures so that I can disable SSL globally:

using System;
using System.Net;
using System.Web;
using System.Web.Mvc;

[AttributeUsage (AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
	public RequireSslAttribute ()
	{
		Redirect = true;
	}

	public bool Redirect { get; set; }

	public void OnAuthorization (AuthorizationContext filterContext)
	{
		// Validate is a guard helper that is not shown on this page
		Validate.IsNotNull (filterContext, "filterContext");

		if (!Enable)
		{
			return;
		}

		if (!filterContext.HttpContext.Request.IsSecureConnection)
		{
			// request is not SSL-protected, so throw or redirect
			if (Redirect)
			{
				// form new URL
				UriBuilder builder = new UriBuilder
				{
					Scheme = "https",
					Host = filterContext.HttpContext.Request.Url.Host,
					// use the RawUrl since it works with URL Rewriting
					Path = filterContext.HttpContext.Request.RawUrl
				};
				filterContext.Result = new RedirectResult (builder.ToString ());
			}
			else
			{
				throw new HttpException ((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
			}
		}
	}

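	// global switch: a static bool defaults to false, so the filter does nothing
	// until Enable is set to true (for example at application start)
	public static bool Enable { get; set; }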
}
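
An added example, not part of the original question or answer and not MVC Futures code: `Request.RawUrl` carries the query string, while `UriBuilder` has separate `Path` and `Query` properties, so the hypothetical `HttpsRedirect.Build` helper below splits the two before building the redirect target. The hypothetical `RedirectToHttpsAttribute` uses it, and the controller sets `Order` (a property of `FilterAttribute`) so the HTTPS check runs before `[Authorize]`; the class names and Order values are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Added example: names and Order values are assumptions, not MVC Futures code.
public static class HttpsRedirect
{
    // rawUrl is Request.RawUrl, e.g. "/Actions/Index?id=5" (constructed sample).
    public static string Build(string host, string rawUrl)
    {
        if (string.IsNullOrEmpty(host)) throw new ArgumentException("host is required", "host");
        if (string.IsNullOrEmpty(rawUrl)) rawUrl = "/";

        int q = rawUrl.IndexOf('?');
        UriBuilder builder = new UriBuilder
        {
            Scheme = "https",
            Host = host,
            Port = -1, // use the scheme's default port
            Path = q >= 0 ? rawUrl.Substring(0, q) : rawUrl,
            Query = q >= 0 ? rawUrl.Substring(q + 1) : string.Empty
        };
        return builder.ToString();
    }
}

public sealed class RedirectToHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException("filterContext");
        HttpRequestBase request = filterContext.HttpContext.Request;
        if (request.IsSecureConnection) return;

        // A redirect is followed as a GET, so a POST body would be dropped: reject instead.
        if (!string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            throw new HttpException(403, "This resource requires an SSL connection.");

        filterContext.Result = new RedirectResult(HttpsRedirect.Build(request.Url.Host, request.RawUrl));
    }
}

// Explicit Order: the HTTPS check runs before [Authorize].
[RedirectToHttps(Order = 1)]
[Authorize(Order = 2)]
public class ActionsController : Controller
{
    public ActionResult Index() { return View(); }
}
```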
