MVC3，RequireHttps和自定义处理导致HTTP 310 [英] MVC3, RequireHttps and custom handler result in http 310

问题描述

我试图构建一个使用SSL连接的Web应用程序。所以，我做了一些研究，发现我可以使用RequireHttpsAttribute类来实现我所需要的。事情是，当我使用它，应用结果在310错误的执行（太多重定向）。我甚至建立一个自定义的类来处理从http切换到https。但是，这也导致错误。

我的类来处理TE协议开关：

 公共类RequireSSLAttribute
    继承ActionFilterAttribute    公共财产IsRequired（）为布尔    公共覆盖子OnActionExecuting（filterContext作为ActionExecutingContext）
        如果Me.IsRequired AndAlso运算filterContext.HttpContext.Request.Url.Scheme＆LT;＆GT; HTTPS然后
            filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace(\"http:\", https：开头）。删除（filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf（：）+ 1），真）
            filterContext.Result =新HttpUnauthorizedResult
        万一
    结束小组    的Public Sub New（）
        IsRequired = TRUE
    结束小组
末级
 

解决方案

我不知道你的主机是谁，但我只是碰到了对的 AppHarbor 并在他们的知识基础发现了这个：

  

如果您使用的是内置RequireHttpsAttribute以确保
  控制器动作总是使用HTTPS，你将体验到一个重定向
  循环。其原因是，SSL终止于负载均衡水平
  而RequireHttps不承认的X转发，原标题是
  使用以指示该请求已被使​​用HTTPS制成。你应该
  因此，使用自定义RequireHttps为此属性。

他们还提供了Github上这里，一个例子的解决方案，我会复制下面为了方便：

 使用系统;
使用System.Web.Mvc;
使用RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute;命名空间AppHarbor.Web
{
    [AttributeUsage（
        AttributeTargets.Class | AttributeTargets.Method，
        继承= TRUE，
        的AllowMultiple = FALSE）]
    公共类RequireHttpsAttribute：RequireHttpsAttributeBase
    {
        公共覆盖无效OnAuthorization（AuthorizationContext filterContext）
        {
            如果（filterContext == NULL）
            {
                抛出新的ArgumentNullException（filterContext）;
            }            如果（filterContext.HttpContext.Request.IsSecureConnection）
            {
                返回;
            }            如果（string.Equals（filterContext.HttpContext.Request.Headers [X  - 转发，原]，
                https开头，
                StringComparison.InvariantCultureIgnoreCase））
            {
                返回;
            }            如果（filterContext.HttpContext.Request.IsLocal）
            {
                返回;
            }            HandleNonHttpsRequest（filterContext）;
        }
    }
}
 

我不知道这是否会解决你的问题。但也许，即使你不使用AppHarbor的根本原因可能是你的一样，在这种情况下，上述似乎值得一试。

I'm trying to build a web application that uses an SSL connection. So I did some research and found out that I could use the RequireHttpsAttribute class to achieve what I needed. Thing is that when I use it, the execution of the application results in an 310 error(too many redirections). I even built a custom class to handle the switch from http to https. But that too results in an error.

My Class to handle te protocol switch:

Public Class RequireSSLAttribute
    Inherits ActionFilterAttribute

    Public Property IsRequired() As Boolean

    Public Overrides Sub OnActionExecuting(filterContext As ActionExecutingContext)
        If Me.IsRequired AndAlso filterContext.HttpContext.Request.Url.Scheme <> "https" Then
            filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace("http:", "https:").Remove(filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf(":") + 1), True)
            filterContext.Result = New HttpUnauthorizedResult
        End If
    End Sub

    Public Sub New()
        IsRequired = True
    End Sub
End Class

解决方案

I don't know who your host is, but I just ran into a similar problem on AppHarbor and discovered this in their knowledge base:

If you're using the built-in RequireHttpsAttribute to ensure that a controller action always uses HTTPS you will experience a redirect loop. The reason is that SSL is terminated at the load balancer level and RequireHttps doesn't recognize the X-Forwarded-Proto header it uses to indicate that the request was made using HTTPS. You should therefore use a custom RequireHttps attribute for this purpose.

They have also provided an example solution on Github here, which I will copy below for convenience:

using System;
using System.Web.Mvc;
using RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute;

namespace AppHarbor.Web
{
    [AttributeUsage(
        AttributeTargets.Class | AttributeTargets.Method,
        Inherited = true,
        AllowMultiple = false)]
    public class RequireHttpsAttribute : RequireHttpsAttributeBase
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            if (filterContext.HttpContext.Request.IsSecureConnection)
            {
                return;
            }

            if (string.Equals(filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"],
                "https",
                StringComparison.InvariantCultureIgnoreCase))
            {
                return;
            }

            if (filterContext.HttpContext.Request.IsLocal)
            {
                return;
            }

            HandleNonHttpsRequest(filterContext);
        }
    }
}

I'm not sure if this will solve your problem; but perhaps even if you aren't using AppHarbor the root cause may be the same for you, in which case the above seems worth a shot.

这篇关于MVC3，RequireHttps和自定义处理导致HTTP 310的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！