RequireSSL的网址失败,查询字符串 [英] RequireSSL fails on Url with Querystring
问题描述
我用这个code这是从MVC期货采取和属性RequireSsl连接到一个动作。
它与简单的URL如的http://本地主机/德/帐号/登录的,但如果我有一个查询字符串的问号获得URL连接codeD,请求失败。
的http://本地主机/德/帐号/登录测试= OMG 重定向至
的https://本地主机/德/帐号/登录%3Ftest = OMG 。任何人有这方面的工作?
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method,继承= TRUE,的AllowMultiple = FALSE)]
公共密封类RequireSslAttribute:FilterAttribute,个IAuthorizationFilter
{
公共RequireSslAttribute()
{
重定向= TRUE;
} 公共BOOL重定向{搞定;组; } 公共无效OnAuthorization(AuthorizationContext filterContext)
{
//Validate.IsNotNull(filterContextfilterContext); 如果回报(Configuration.EnableSSL!); 如果(!filterContext.HttpContext.Request.IsSecureConnection)
{
//请求不是SSL保护的,所以扔或重定向
如果(重定向)
{
//形成新的URL
UriBuilder建设者=新UriBuilder
{
计划=https开头,
主机= filterContext.HttpContext.Request.Url.Host,
//使用RawUrl因为它与URL重写工作
路径= filterContext.HttpContext.Request.RawUrl
};
filterContext.Result =新RedirectResult(builder.ToString());
}
其他
{
抛出新的HttpException((INT)的HTTPStatus code.Forbidden,禁止访问所请求的资源要求SSL连接。);
}
}
}
}
我改变了
UriBuilder建设者=新UriBuilder
{
计划=https开头,
主机= filterContext.HttpContext.Request.Url.Host,
//使用RawUrl因为它与URL重写工作
路径= filterContext.HttpContext.Request.RawUrl
};
要
UriBuilder建设者=新UriBuilder
{
计划=https开头,
主机= filterContext.HttpContext.Request.Url.Host,
路径= filterContext.HttpContext.Request.Url.LocalPath,
查询= filterContext.HttpContext.Request.Url.PathAndQuery };
我不使用URL重写协作的权利,这就是为什么我想这对我来说是安全的。
I use this code which is taken from MVC futures and attach the Attribute RequireSsl to an action. It works with simple Url like http://localhost/de/Account/Login, but if I have a querystring, the questionmark gets url encoded and the request fails.
http://localhost/de/Account/Login?test=omg redirects to https://localhost/de/Account/Login%3Ftest=omg. Anybody got this working?
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
public RequireSslAttribute()
{
Redirect = true;
}
public bool Redirect { get; set; }
public void OnAuthorization(AuthorizationContext filterContext)
{
//Validate.IsNotNull(filterContext, "filterContext");
if (!Configuration.EnableSSL) return;
if (!filterContext.HttpContext.Request.IsSecureConnection)
{
// request is not SSL-protected, so throw or redirect
if (Redirect)
{
// form new URL
UriBuilder builder = new UriBuilder
{
Scheme = "https",
Host = filterContext.HttpContext.Request.Url.Host,
// use the RawUrl since it works with URL Rewriting
Path = filterContext.HttpContext.Request.RawUrl
};
filterContext.Result = new RedirectResult(builder.ToString());
}
else
{
throw new HttpException((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
}
}
}
}
I changed
UriBuilder builder = new UriBuilder
{
Scheme = "https",
Host = filterContext.HttpContext.Request.Url.Host,
// use the RawUrl since it works with URL Rewriting
Path = filterContext.HttpContext.Request.RawUrl
};
To
UriBuilder builder = new UriBuilder
{
Scheme = "https",
Host = filterContext.HttpContext.Request.Url.Host,
Path = filterContext.HttpContext.Request.Url.LocalPath,
Query = filterContext.HttpContext.Request.Url.PathAndQuery
};
I dont use UrlRewriting right now, thats why I guess this is safe for me.
这篇关于RequireSSL的网址失败,查询字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!