从HTTPS重定向废除ASP.NET MVC应用程序 [英] Redirect away from HTTPS with ASP.NET MVC App

问题描述

我使用ASP.NET MVC 2和有一个通过HTTPS安全登录页面。为了确保用户始终访问通过SSL这些网页，我已经添加了 [RequireHttps] 属性到控制器。这样做的工作非常完美。

I'm using ASP.NET MVC 2 and have a login page that is secured via HTTPS. To ensure that the user always accesses those pages via SSL, I've added the attribute [RequireHttps] to the controller. This does the job perfectly.

当他们成功登录后，我想他们重定向到HTTP版本。但是，没有一个 [RequireHttp] 属性，我努力让我的头围绕我怎么可能做到这一点。

When they have successfully logged in, I'd like to redirect them back to HTTP version. However, there isn't a [RequireHttp] attribute and I'm struggling to get my head around how I might achieve this.

添加的（潜在）复杂的是，当在生产中的域的路线托管，但对于开发和测试的目的，是一个子目录/虚拟目录/应用程序中的网站。

The added (potential) complication is that the website when in production is hosted at the route of the domain, but for development and testing purposes it is within a sub directory / virtual directory / application.

我是不是过想这是有一个简单的解决方案，盯着我的脸？或者是有点复杂？

Am I over-thinking this and is there an easy solution staring me in the face? Or is it a little more complex?

推荐答案

有点挖后，我沿着滚动我自己的线去，因为没有出现是一个很好的内置解决这个（如提及，对于在<一个形式MVC2应用一个伟大的href=\"http://msdn.microsoft.com/en-us/library/system.web.mvc.requirehttpsattribute%28VS.100%29.aspx\">[RequireHttps]).由çağdaş的解决方案的这个问题我adapated拿出以下code：

After a bit of digging, I went along the lines of rolling my own as there didn't appear to be a good built-in solution to this (as mentioned, there is a great one for MVC2 applications in the form of [RequireHttps]). Inspired by çağdaş's solution to this problem and I adapated to come up with the following code:

public class RequireHttp : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // If the request has arrived via HTTPS...
        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            filterContext.Result = new RedirectResult(filterContext.HttpContext.Request.Url.ToString().Replace("https:", "http:")); // Go on, bugger off "s"!
            filterContext.Result.ExecuteResult(filterContext);
        }
        base.OnActionExecuting(filterContext);
    }
}

我现在可以将它添加到我的控制器的方法和它的行为（貌似）如预期。如果我重定向到从HTTPS协议我的控制器上的指数操作，它会重定向到HTTP。它仅允许索引的ActionResult HTTP访问。

I can now add this to my Controller methods and it behaves (seemingly) as expected. If I redirect to the Index action on my controller from a HTTPS protocol, it will redirect to HTTP. It only allows HTTP access to the Index ActionResult.

[RequireHttp]
public ActionResult Index() {
    return View();
}

这篇关于从HTTPS重定向废除ASP.NET MVC应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！