RequireSSL的网址失败,查询字符串 [英] RequireSSL fails on Url with Querystring

查看:99
本文介绍了RequireSSL的网址失败,查询字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我用这个code这是从MVC期货采取和属性RequireSsl连接到一个动作。
它与简单的URL如的http://本地主机/德/帐号/登录的,但如果我有一个查询字符串的问号获得URL连接codeD,请求失败。

的http://本地主机/德/帐号/登录测试= OMG 重定向至
的https://本地主机/德/帐号/登录%3Ftest = OMG 。任何人有这方面的工作?

  [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method,继承= TRUE,的AllowMultiple = FALSE)]
公共密封类RequireSslAttribute:FilterAttribute,个IAuthorizationFilter
{
    公共RequireSslAttribute()
    {
        重定向= TRUE;
    }    公共BOOL重定向{搞定;组; }    公共无效OnAuthorization(AuthorizationContext filterContext)
    {
        //Validate.IsNotNull(filterContextfilterContext);        如果回报(Configuration.EnableSSL!);        如果(!filterContext.HttpContext.Request.IsSecureConnection)
        {
            //请求不是SSL保护的,所以扔或重定向
            如果(重定向)
            {
                //形成新的URL
                UriBuilder建设者=新UriBuilder
                {
                    计划=htt​​ps开头,
                    主机= filterContext.HttpContext.Request.Url.Host,
                    //使用RawUrl因为它与URL重写工作
                    路径= filterContext.HttpContext.Request.RawUrl
                };
                filterContext.Result =新RedirectResult(builder.ToString());
            }
            其他
            {
                抛出新的HttpException((INT)的HTTPStatus code.Forbidden,禁止访问所请求的资源要求SSL连接。);
            }
        }
    }
}


解决方案

我改变了

  UriBuilder建设者=新UriBuilder
                {
                    计划=htt​​ps开头,
                    主机= filterContext.HttpContext.Request.Url.Host,
                    //使用RawUrl因为它与URL重写工作
                    路径= filterContext.HttpContext.Request.RawUrl
                };
 

  UriBuilder建设者=新UriBuilder
                {
                    计划=htt​​ps开头,
                    主机= filterContext.HttpContext.Request.Url.Host,
                    路径= filterContext.HttpContext.Request.Url.LocalPath,
                    查询= filterContext.HttpContext.Request.Url.PathAndQuery                };

我不使用URL重写协作的权利,这就是为什么我想这对我来说是安全的。

I use this code which is taken from MVC futures and attach the Attribute RequireSsl to an action. It works with simple Url like http://localhost/de/Account/Login, but if I have a querystring, the questionmark gets url encoded and the request fails.

http://localhost/de/Account/Login?test=omg redirects to https://localhost/de/Account/Login%3Ftest=omg. Anybody got this working?

 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
    public RequireSslAttribute()
    {
        Redirect = true;
    }

    public bool Redirect { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        //Validate.IsNotNull(filterContext, "filterContext");

        if (!Configuration.EnableSSL) return;

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            // request is not SSL-protected, so throw or redirect
            if (Redirect)
            {
                // form new URL
                UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    // use the RawUrl since it works with URL Rewriting
                    Path = filterContext.HttpContext.Request.RawUrl
                };
                filterContext.Result = new RedirectResult(builder.ToString());
            }
            else
            {
                throw new HttpException((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
            }
        }
    }


}

解决方案

I changed 

 UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    // use the RawUrl since it works with URL Rewriting
                    Path = filterContext.HttpContext.Request.RawUrl
                };

To

                    UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    Path = filterContext.HttpContext.Request.Url.LocalPath,
                    Query = filterContext.HttpContext.Request.Url.PathAndQuery

                };

I dont use UrlRewriting right now, thats why I guess this is safe for me.

这篇关于RequireSSL的网址失败,查询字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
ASP .NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆