ASP.NET MVC：如何在localhost上自动禁用[RequireHttps]？ [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

查看：179 发布时间：2017/4/17 19:18:58 asp.net-mvc debugging iis ssl localhost

本文介绍了ASP.NET MVC：如何在localhost上自动禁用[RequireHttps]？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我希望我的登录页面只能是SSL：

I want my login page to be SSL only:

    [RequireHttps]
    public ActionResult Login()
    {
        if (Helper.LoggedIn)
        {
            Response.Redirect("/account/stats");
        }

        return View();
    }

但是当我开发和调试我的应用程序时，显然它在localhost上不起作用。我不想使用带有SSL证书的IIS 7，如何自动禁用RequireHttps属性？

But obviously it doesn't work on localhost when I develop and debug my application. I don't wanna use IIS 7 with SSL certificates, how can I automatically disable the RequireHttps attribute?

更新

根据StackOverflow用户提供的信息和ASP.NET MVC 2源代码，我创建了以下类来解决问题。

Based on info provided by StackOverflow users and ASP.NET MVC 2 source code I created the following class that solves the problem.

public class RequireSSLAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.Url.Host.Contains("localhost")) return;

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("The requested resource can only be accessed via SSL");
        }

        string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}

它的用法如下：

[RequireSSL]
public ActionResult Login()
{
    if (Helper.LoggedIn)
    {
        Response.Redirect("/account/stats");
    }

    return View();
}

推荐答案

最简单的事情是从RequireHttps导出一个新属性并覆盖HandleNonHttpsRequest

The easiest thing would be to derive a new attribute from RequireHttps and override HandleNonHttpsRequest

protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
        {
            if (!filterContext.HttpContext.Request.Url.Host.Contains("localhost"))
            {
                base.HandleNonHttpsRequest(filterContext);
            }
        }

HandleNonHttpsRequest是抛出异常的方法，这里全部如果主机是localhost，我们正在做的并不是这样做（而且Jeff在他的评论中可以将其扩展到测试环境或实际上需要任何其他异常）。

HandleNonHttpsRequest is the method that throws the exception, here all we're doing is not calling it if the host is localhost (and as Jeff says in his comment you could extend this to test environments or in fact any other exceptions you want).

这篇关于ASP.NET MVC：如何在localhost上自动禁用[RequireHttps]？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

ASP.NET MVC：如何在localhost上自动禁用[RequireHttps]？ [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录关闭

ASP.NET MVC：如何在localhost上自动禁用[RequireHttps]？ [英] ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录 关闭

登录关闭