从HTTPS重定向废除ASP.NET MVC应用程序 [英] Redirect away from HTTPS with ASP.NET MVC App
问题描述
我使用ASP.NET MVC 2和有一个通过HTTPS安全登录页面。为了确保用户始终访问通过SSL这些网页,我已经添加了 [RequireHttps]
属性到控制器。这样做的工作非常完美。
I'm using ASP.NET MVC 2 and have a login page that is secured via HTTPS. To ensure that the user always accesses those pages via SSL, I've added the attribute [RequireHttps]
to the controller. This does the job perfectly.
当他们成功登录后,我想他们重定向到HTTP版本。但是,没有一个 [RequireHttp]
属性,我努力让我的头围绕我怎么可能做到这一点。
When they have successfully logged in, I'd like to redirect them back to HTTP version. However, there isn't a [RequireHttp]
attribute and I'm struggling to get my head around how I might achieve this.
添加的(潜在)复杂的是,当在生产中的域的路线托管,但对于开发和测试的目的,是一个子目录/虚拟目录/应用程序中的网站。
The added (potential) complication is that the website when in production is hosted at the route of the domain, but for development and testing purposes it is within a sub directory / virtual directory / application.
我是不是过想这是有一个简单的解决方案,盯着我的脸?或者是有点复杂?
Am I over-thinking this and is there an easy solution staring me in the face? Or is it a little more complex?
推荐答案
有点挖后,我沿着滚动我自己的线去,因为没有出现是一个很好的内置解决这个(如提及,对于在<一个形式MVC2应用一个伟大的href=\"http://msdn.microsoft.com/en-us/library/system.web.mvc.requirehttpsattribute%28VS.100%29.aspx\">[RequireHttps]).由çağdaş的解决方案的这个问题我adapated拿出以下code:
After a bit of digging, I went along the lines of rolling my own as there didn't appear to be a good built-in solution to this (as mentioned, there is a great one for MVC2 applications in the form of [RequireHttps]). Inspired by çağdaş's solution to this problem and I adapated to come up with the following code:
public class RequireHttp : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// If the request has arrived via HTTPS...
if (filterContext.HttpContext.Request.IsSecureConnection)
{
filterContext.Result = new RedirectResult(filterContext.HttpContext.Request.Url.ToString().Replace("https:", "http:")); // Go on, bugger off "s"!
filterContext.Result.ExecuteResult(filterContext);
}
base.OnActionExecuting(filterContext);
}
}
我现在可以将它添加到我的控制器的方法和它的行为(貌似)如预期。如果我重定向到从HTTPS协议我的控制器上的指数操作,它会重定向到HTTP。它仅允许索引的ActionResult HTTP访问。
I can now add this to my Controller methods and it behaves (seemingly) as expected. If I redirect to the Index action on my controller from a HTTPS protocol, it will redirect to HTTP. It only allows HTTP access to the Index ActionResult.
[RequireHttp]
public ActionResult Index() {
return View();
}
这篇关于从HTTPS重定向废除ASP.NET MVC应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!