ASP.NET MVC:如何在本地主机上自动禁用 [RequireHttps]? [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

查看：21 发布时间：2021/12/14 8:53:23 asp.net-mvc debugging iis ssl localhost

本文介绍了ASP.NET MVC:如何在本地主机上自动禁用 [RequireHttps]?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我希望我的登录页面仅使用 SSL:

I want my login page to be SSL only:

    [RequireHttps]
    public ActionResult Login()
    {
        if (Helper.LoggedIn)
        {
            Response.Redirect("/account/stats");
        }

        return View();
    }

但很明显，当我开发和调试我的应用程序时，它在本地主机上不起作用.我不想将 IIS 7 与 SSL 证书一起使用，如何自动禁用 RequireHttps 属性?

But obviously it doesn't work on localhost when I develop and debug my application. I don't wanna use IIS 7 with SSL certificates, how can I automatically disable the RequireHttps attribute?

更新

根据 StackOverflow 用户提供的信息和 ASP.NET MVC 2 源代码，我创建了以下解决问题的类.

Based on info provided by StackOverflow users and ASP.NET MVC 2 source code I created the following class that solves the problem.

public class RequireSSLAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.Url.Host.Contains("localhost")) return;

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("The requested resource can only be accessed via SSL");
        }

        string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}

它是这样使用的:

[RequireSSL]
public ActionResult Login()
{
    if (Helper.LoggedIn)
    {
        Response.Redirect("/account/stats");
    }

    return View();
}

推荐答案

最简单的方法是从 RequireHttps 派生一个新属性并覆盖 HandleNonHttpsRequest

The easiest thing would be to derive a new attribute from RequireHttps and override HandleNonHttpsRequest

protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.Request.Url.Host.Contains("localhost"))
            {
                base.HandleNonHttpsRequest(filterContext);
            }
        }

HandleNonHttpsRequest 是抛出异常的方法，如果主机是本地主机，我们在这里所做的只是不调用它(正如杰夫在他的评论中所说，您可以将其扩展到测试环境或实际上您想要的任何其他异常).

HandleNonHttpsRequest is the method that throws the exception, here all we're doing is not calling it if the host is localhost (and as Jeff says in his comment you could extend this to test environments or in fact any other exceptions you want).

这篇关于ASP.NET MVC:如何在本地主机上自动禁用 [RequireHttps]?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

ASP.NET MVC:如何在本地主机上自动禁用 [RequireHttps]? [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录关闭

ASP.NET MVC:如何在本地主机上自动禁用 [RequireHttps]? [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录 关闭

登录关闭