远程要求HTTPS MVC 5 [英] Remote Require HTTPS MVC 5
问题描述
我有以下的属性,以确保远程站点页面以https模式打开。
I have the following attribute to make sure that the remote site page opens in https mode.
public class RemoteRequireHttpsAttribute : RequireHttpsAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentException("Filter Context");
}
if (filterContext != null && filterContext.HttpContext != null)
{
if (filterContext.HttpContext.Request.IsLocal)
{
return;
}
else
{
string val = ConfigurationManager.AppSettings["RequireSSL"].Trim();
bool requireSsl = bool.Parse(val);
if (!requireSsl)
{
return;
}
}
}
base.OnAuthorization(filterContext);
}
}
本地发展现在的工作正常的,因为我不希望它打开以https模式。
Local development now work normal since i don't want it to open in https mode.
开发网站打开以https模式的页面 - 在这里没有任何问题(单节点)。
Dev site opens the page in https mode - no issues here (single node).
在哪里的生产(负载均衡 - 2个节点)的网站,我目前设立是给我下面的错误。请注意,开发和生产线的站点有相同setings和web.config中
Where as the production (load balanced - 2 nodes) site that i am currently setting up is giving me following error. Please note that dev and prod sites have the same setings and web.config
页面没有正确重定向
Firefox已经检测到服务器重定向的方式为这个地址的请求,将永远不会完成。
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
此问题有时可以通过禁用或拒绝接受cookie造成的。
This problem can sometimes be caused by disabling or refusing to accept cookies.
开发网站的网址是像
http://dev.datalab.something.org
正式版网站的网址是像
http://datalab.something.org
Prod site url is like http://datalab.something.org
这是调用
[RemoteRequireHttps]
public ActionResult Index(string returnUrl, string error)
我缺少的是在这里吗?
What am i missing here?
更新1:我的管理员已确认SSL终端一直处于小伙子平衡器埃维尔设置。我已经看过了IIS站点设置,我没有看到HTTPS绑定。我只看到http绑定。他是否需要设置HTTPS绑定呢?
Update 1: My admin has confirmed that the SSL termination has been setup at the lad balancer evel. I have looked at the iis site setup and i don't see https bindings. I only see http binding. Does he need to setup https bindings as well?
更新2: @AlexeiLevenkov向我指出了正确的方向和这个帖子不得不说我使用的code和其工作正常。移动code到一个单独的答案。
Update 2: @AlexeiLevenkov pointed me to the right direction and this post had the code that I utilized and it is working. MOVED the code into a separate answer.
推荐答案
您的网站是背后负载平衡器,做SSL终止 - 从而导致所有传入你的网站流量是HTTP不论所看到的用户。这将导致您的code总是试图重定向到HTTPS版本,因此无限循环。
Your site is behind load balancer that does SSL termination - so as result all incoming traffic to your site is HTTP irrespective what user sees. This causes your code to always try to redirect to HTTPS version and hence infinite loop.
选项来解决:
- 通常负载均衡,做SSL终端将通过自定义页眉转发原始的IP /协议。 <一href=\"http://stackoverflow.com/questions/13111080/what-is-a-full-specification-of-x-forwarded-proto-http-header\">x-forwarded-proto和
的x转发换都可以用于此目的常用的。您可能需要网络管理员检查是否使用或需要一些额外的配置这些标题 - 另外,您可以关闭SSL终止,但它会把你的服务器上的额外负载。
- 一个还可以配置负载平衡器交谈服务器相同的协议,传入的请求。
- Usually load balancer that does SSL termination will forward original IP/protocol via custom headers. x-forwarded-proto and
x-forwarded-forare common ones to be used for this purpose. You may need to check with network admins if these headers used or some additional configuration is needed - Alternatively you can turn off SSL termination, but it will put additional load on your server.
- One can also configure load balancer to talk to server with the same protocol as incoming request.
如何调查这些问题:
- 查看http调试器(如小提琴手),看看是否你得到30倍重定向在一个循环的请求。如果没有重定向 - 可能code是错
- 如果您看到重复的重定向那么很可能意味着网站没有看到实际的请求信息 - 可能是协议,路径饼干失踪。
- 要继续调查,看设备是用户与服务器之间的内容(CDN,代理服务器,负载均衡器,...) - 每个人都有很好的机会要宽松一些日期或改造协议 。
这篇关于远程要求HTTPS MVC 5的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
