RequireHttps失败在重定向与参数 [英] RequireHttps Fails On Redirects with Parameters
问题描述
除了简单地从HTTP重定向到HTTPS的的 RequireHttps 属性,也改变了我的URL的问号?
到%3F
。不出所料,打破东西。
为什么呢?如何解决呢?
的情景:
-
我尝试导航到
http://www.example.com/message/compose
-
但是,让我们说我没有权限查看该页面。
<的HandleError()> _
公共类MessageController
继承System.Web.Mvc.Controller函数编制()为的ActionResult
...
如果...那么
抛出新的异常(Net.HttpStatus code.Unauthorized.ToString)
万一
...
返回查看()
结束功能
...末级
-
该行动将引发异常。
-
该异常是由我Error.aspx页面处理
<%@页面语言=VB继承=System.Web.Mvc.ViewPage(中System.Web.Mvc.HandleErrorInfo)%GT;
<脚本=服务器>
小组的Page_Load(BYVAL发件人为System.Object的,BYVAL E上System.EventArgs)
如果Model.Exception.Message = Net.HttpStatus code.Unauthorized.ToString然后
的Response.Redirect(/登入?RETURNURL =+ Url.En code(Request的))
万一
...
结束小组
< / SCRIPT>
... -
我重定向到我的登录页面:
http://www.example.com/signin?ReturnUrl=%2fmessage%2fcompose
-
但我使用HTTP和HTTPS没有。我的操作需要HTTPS。 (那<一个href=\"http://stackoverflow.com/questions/1639707/asp-net-mvc-requirehttps-in-production-only/1639831#1639831\">RemoteRequireHttps从 RequireHttps 继承并覆盖其OnAuthorization方法根本不顾本地主机。)
&LT;的HandleError()&GT; _
公共类的AccountController
继承System.Web.Mvc.Controller&放大器; LT; RemoteRequireHttps()及GT; _
签到功能()为的ActionResult
...
结束功能
...末级
-
我重定向到
https://www.example.com/signin%3FReturnUrl=%2fmessage%2fcompose
-
我看到这个错误在我的浏览器:
坏请求
块引用>看来RequireHttps改变我的问号
?
到%3F
。解决方案我的<一个href=\"http://stackoverflow.com/questions/1685724/requirehttps-fails-in-mvc-$p$pview-2-when-applying-to-accountcontroller-logon/1685774#1685774\">answer我自己的问题在这里的可能有助于(似乎是MVC中的错误2 preVIEW 2)
我可以问你为什么不使用[授权]或<一个href=\"http://davidhayden.com/blog/dave/archive/2009/04/09/CustomAuthorizationASPNETMVCFrameworkAuthorizeAttribute.aspx\"相对=nofollow>自定义授权属性。如果您在使用.NET认证,你应该使用[授权。
请注意:即使你使用[授权]它并不真正解决您所遇到的问题
Besides simply redirecting from HTTP to HTTPS, the RequireHttps attribute also changes my URL's question mark
?
to%3F
. Unsurprisingly, that breaks things.Why? How do I fix it?
scenario:
I try to navigate to
http://www.example.com/message/compose
But let's say I don't have permission to view that page.
<HandleError()> _ Public Class MessageController Inherits System.Web.Mvc.Controller
Function Compose() As ActionResult ... If ... Then Throw New Exception(Net.HttpStatusCode.Unauthorized.ToString) End If ... Return View() End Function ...
End Class
The action throws an exception.
The exception is handled by my Error.aspx page
<%@ Page Language="VB" Inherits="System.Web.Mvc.ViewPage(Of System.Web.Mvc.HandleErrorInfo)" %> <script runat="server"> Sub Page_Load(ByVal Sender As System.Object, ByVal e As System.EventArgs) If Model.Exception.Message = Net.HttpStatusCode.Unauthorized.ToString Then response.redirect("/signin?ReturnUrl=" + Url.Encode(request.Path)) End If ... End Sub </script> ...
I'm redirected to my Sign In page at
http://www.example.com/signin?ReturnUrl=%2fmessage%2fcompose
But I'm using HTTP and not HTTPS. My action requires HTTPS. (That RemoteRequireHttps inherits from RequireHttps and overrides its OnAuthorization method to simply disregard localhost.)
<HandleError()> _ Public Class AccountController Inherits System.Web.Mvc.Controller
<RemoteRequireHttps()> _ Function SignIn() As ActionResult ... End Function ...
End Class
I'm redirected to
https://www.example.com/signin%3FReturnUrl=%2fmessage%2fcompose
I see this error in my browser:
Bad Request
It seems that RequireHttps changes my question mark
?
to%3F
.解决方案My answer to my own question here might help (appears to be a bug in MVC 2 Preview 2)
Can I ask why you're not using [Authorize] or a custom authorization attribute. If you're using .NET authentication you should use [Authorize].
Note: even if you do use [Authorize] it doesnt actually fix the problem you're experiencing.
这篇关于RequireHttps失败在重定向与参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!