ASP.NET：重定向到https的最佳实践 [英] ASP.NET: best practice for redirecting to https

问题描述

我的工作有一个页面，需要使用SSL证书的一个项目。所有在该网站此页拼版使用https而不是http的环节，但在用户可以直接导航到我想要的页面的HTTP版本重定向到本身，而是使用https的页面的情况。

I am working on a project that has one page that needs to make use of the SSL certificate. All of the links in the site to this page make use of https instead of http, but in the case that a user may navigate directly to the page I want the http version of the page to redirect to itself but use https.

我可以做在Page_Load事件的Response.Redirect。我可以写javascript将更新，这将导致回发放在location.href。我敢肯定有更多的方法对皮肤这只猫。

I can do a Response.Redirect in the page_load event. I can write javascript that will update the location.href which will cause the postback. I'm sure there are more ways to skin this cat.

我的问题是，究竟是什么在IIS 6或7的ASP.NET网站一个http页面重定向到https的最佳做法？是否有一个最佳做法或全部替代平等的吗？

My question is, what is the best practice for an ASP.NET site on IIS 6 or 7 to redirect an http page to https? Is there a best practice or are all alternatives equal?

推荐答案

我会使用URL重写来做到这一点。为什么？因为它是实现简单，无需修改应用程序，并且易于维护。

I'd use URL rewriting to do that. Why? because it's simple to implement, requires no modifications to the application, and is easy to maintain.

在IIS7可以完成，使用 URL重写模块，例如：

On IIS7 you can accomplish that using URL rewrite module, for example:

<!-- http:// to https:// rule -->
<rule name="ForceHttpsBilling" stopProcessing="true">
  <match url="(.*)billing/(.*)" ignoreCase="true" />
  <conditions>
    <add input="{HTTPS}" pattern="off" ignoreCase="false" />
  </conditions>
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>

在IIS6，你将不得不使用第三方库。我使用IIRF（ HTTP：//www.$c$cplex.com/IIRF ）是自由的，稳定的，并且具有的特征量好

On IIS6 you'll have to use a 3rd party library. I use IIRF (http://www.codeplex.com/IIRF) it's free, stable, and has a good amount of features.

这篇关于ASP.NET：重定向到https的最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！