ASP.NET MVC:如何自动禁用[RequireHttps]在本地主机上? [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?
问题描述
我希望我的登录页面只有SSL:
[RequireHttps]
公众的ActionResult登录()
{
如果(Helper.LoggedIn)
{
的Response.Redirect(/帐号/统计);
} 返回查看();
}
但很明显,当我开发和调试我的应用程序不会在本地主机上运行。我不想使用IIS 7的SSL证书,我怎么能自动禁用RequireHttps属性?
更新
根据由计算器用户和ASP.NET MVC提供的信息2的源$ C $ C我创建了下面的类,解决了这个问题。
公共类RequireSSLAttribute:FilterAttribute,个IAuthorizationFilter
{
公共虚拟无效OnAuthorization(AuthorizationContext filterContext)
{
如果(filterContext == NULL)
{
抛出新的ArgumentNullException(filterContext);
} 如果(!filterContext.HttpContext.Request.IsSecureConnection)
{
HandleNonHttpsRequest(filterContext);
}
} 受保护的虚拟无效HandleNonHttpsRequest(AuthorizationContext filterContext)
{
如果(filterContext.HttpContext.Request.Url.Host.Contains(本地主机))回报; 如果(!String.Equals(filterContext.HttpContext.Request.HttpMethod,GET,StringComparison.OrdinalIgnoreCase))
{
抛出新的InvalidOperationException异常(请求的资源只能通过SSL访问);
} 字符串的URL =https://开头+ filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result =新RedirectResult(URL);
}
}
和它的使用是这样的:
[RequireSSL]
公众的ActionResult登录()
{
如果(Helper.LoggedIn)
{
的Response.Redirect(/帐号/统计);
} 返回查看();
}
最简单的事情就是,从RequireHttps派生新的属性,并覆盖HandleNonHttpsRequest
公共覆盖无效HandleNonHttpsRequest(AuthorizationContext filterContext)
{
如果(!filterContext.HttpContext.Request.Url.Host.Contains(本地主机))
{
base.HandleNonHttpsRequest(filterContext);
}
}
HandleNonHttpsRequest是,在这里抛出异常,该方法的所有我们正在做的,如果主机是localhost(和杰夫在他的评论中说,你可以扩展这个测试的环境或者其实你想要的任何其他异常不叫它)。
I want my login page to be SSL only:
[RequireHttps]
public ActionResult Login()
{
if (Helper.LoggedIn)
{
Response.Redirect("/account/stats");
}
return View();
}
But obviously it doesn't work on localhost when I develop and debug my application. I don't wanna use IIS 7 with SSL certificates, how can I automatically disable the RequireHttps attribute?
Update
Based on info provided by StackOverflow users and ASP.NET MVC 2 source code I created the following class that solves the problem.
public class RequireSSLAttribute : FilterAttribute, IAuthorizationFilter
{
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.Request.IsSecureConnection)
{
HandleNonHttpsRequest(filterContext);
}
}
protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.Url.Host.Contains("localhost")) return;
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
{
throw new InvalidOperationException("The requested resource can only be accessed via SSL");
}
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
And it's used like this:
[RequireSSL]
public ActionResult Login()
{
if (Helper.LoggedIn)
{
Response.Redirect("/account/stats");
}
return View();
}
The easiest thing would be to derive a new attribute from RequireHttps and override HandleNonHttpsRequest
public override void HandleNonHttpsRequest(AuthorizationContext filterContext)
{
if (!filterContext.HttpContext.Request.Url.Host.Contains("localhost"))
{
base.HandleNonHttpsRequest(filterContext);
}
}
HandleNonHttpsRequest is the method that throws the exception, here all we're doing is not calling it if the host is localhost (and as Jeff says in his comment you could extend this to test environments or in fact any other exceptions you want).
这篇关于ASP.NET MVC:如何自动禁用[RequireHttps]在本地主机上?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
