MVC3,RequireHttps和自定义处理导致HTTP 310 [英] MVC3, RequireHttps and custom handler result in http 310
问题描述
我试图构建一个使用SSL连接的Web应用程序。所以,我做了一些研究,发现我可以使用RequireHttpsAttribute类来实现我所需要的。事情是,当我使用它,应用结果在310错误的执行(太多重定向)。我甚至建立一个自定义的类来处理从http切换到https。但是,这也导致错误。
我的类来处理TE协议开关:
公共类RequireSSLAttribute
继承ActionFilterAttribute 公共财产IsRequired()为布尔 公共覆盖子OnActionExecuting(filterContext作为ActionExecutingContext)
如果Me.IsRequired AndAlso运算filterContext.HttpContext.Request.Url.Scheme<> HTTPS然后
filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace(\"http:\", https:开头)。删除(filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf(:)+ 1),真)
filterContext.Result =新HttpUnauthorizedResult
万一
结束小组 的Public Sub New()
IsRequired = TRUE
结束小组
末级
我不知道你的主机是谁,但我只是碰到了对的 AppHarbor 并在他们的知识基础发现了这个:
如果您使用的是内置RequireHttpsAttribute以确保
控制器动作总是使用HTTPS,你将体验到一个重定向
循环。其原因是,SSL终止于负载均衡水平
而RequireHttps不承认的X转发,原标题是
使用以指示该请求已被使用HTTPS制成。你应该
因此,使用自定义RequireHttps为此属性。
块引用>他们还提供了Github上这里,一个例子的解决方案,我会复制下面为了方便:
使用系统;
使用System.Web.Mvc;
使用RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute;命名空间AppHarbor.Web
{
[AttributeUsage(
AttributeTargets.Class | AttributeTargets.Method,
继承= TRUE,
的AllowMultiple = FALSE)]
公共类RequireHttpsAttribute:RequireHttpsAttributeBase
{
公共覆盖无效OnAuthorization(AuthorizationContext filterContext)
{
如果(filterContext == NULL)
{
抛出新的ArgumentNullException(filterContext);
} 如果(filterContext.HttpContext.Request.IsSecureConnection)
{
返回;
} 如果(string.Equals(filterContext.HttpContext.Request.Headers [X - 转发,原],
https开头,
StringComparison.InvariantCultureIgnoreCase))
{
返回;
} 如果(filterContext.HttpContext.Request.IsLocal)
{
返回;
} HandleNonHttpsRequest(filterContext);
}
}
}我不知道这是否会解决你的问题。但也许,即使你不使用AppHarbor的根本原因可能是你的一样,在这种情况下,上述似乎值得一试。
I'm trying to build a web application that uses an SSL connection. So I did some research and found out that I could use the RequireHttpsAttribute class to achieve what I needed. Thing is that when I use it, the execution of the application results in an 310 error(too many redirections). I even built a custom class to handle the switch from http to https. But that too results in an error.
My Class to handle te protocol switch:
Public Class RequireSSLAttribute Inherits ActionFilterAttribute Public Property IsRequired() As Boolean Public Overrides Sub OnActionExecuting(filterContext As ActionExecutingContext) If Me.IsRequired AndAlso filterContext.HttpContext.Request.Url.Scheme <> "https" Then filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace("http:", "https:").Remove(filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf(":") + 1), True) filterContext.Result = New HttpUnauthorizedResult End If End Sub Public Sub New() IsRequired = True End Sub End Class
解决方案I don't know who your host is, but I just ran into a similar problem on AppHarbor and discovered this in their knowledge base:
If you're using the built-in RequireHttpsAttribute to ensure that a controller action always uses HTTPS you will experience a redirect loop. The reason is that SSL is terminated at the load balancer level and RequireHttps doesn't recognize the X-Forwarded-Proto header it uses to indicate that the request was made using HTTPS. You should therefore use a custom RequireHttps attribute for this purpose.
They have also provided an example solution on Github here, which I will copy below for convenience:
using System; using System.Web.Mvc; using RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute; namespace AppHarbor.Web { [AttributeUsage( AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)] public class RequireHttpsAttribute : RequireHttpsAttributeBase { public override void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (filterContext.HttpContext.Request.IsSecureConnection) { return; } if (string.Equals(filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"], "https", StringComparison.InvariantCultureIgnoreCase)) { return; } if (filterContext.HttpContext.Request.IsLocal) { return; } HandleNonHttpsRequest(filterContext); } } }
I'm not sure if this will solve your problem; but perhaps even if you aren't using AppHarbor the root cause may be the same for you, in which case the above seems worth a shot.
这篇关于MVC3,RequireHttps和自定义处理导致HTTP 310的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!