All geek questions in one place

MVC3 after [RequireHttps] how to ensure non-https use

I found this post , and it looks like I need for the application, the question is how to return to plain http when https is no longer needed? Will it essentially be based on an action that does not have the [RequireHttps] annotation?

EDIT: I found a couple of messages about switching from https to http ( here and here ), However, I still appreciate the answer to the question below.

As an alternative, I discussed opening the application in a new window. Is it fair to assume that https only applies to a new window?

+6
source share
2 answers

ASP.NET MVC RequireHttps only works in one direction. In the past, I just created my own implementation of FilterAttribute to allow travel in both directions:

EnsureHttpsAttribute

  public class EnsureHttpsAttribute : FilterAttribute, IAuthorizationFilter { public void OnAuthorization(AuthorizationContext filterContext) { Verify.NotNull(filterContext, "filterContext"); Verify.True(filterContext.HttpContext.Request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase), "filterContext"); var request = filterContext.HttpContext.Request; if (request.Url != null && !request.IsSecureConnection && !request.IsLocal) filterContext.Result = new RedirectResult("https://" + request.Url.Host + request.RawUrl); } }

EnsureHttpAttribute

  public class EnsureHttpAttribute : FilterAttribute, IAuthorizationFilter { public void OnAuthorization(AuthorizationContext filterContext) { Verify.NotNull(filterContext, "filterContext"); Verify.True(filterContext.HttpContext.Request.HttpMethod.Equals("GET", StringComparison.OrdinalIgnoreCase), "filterContext"); var request = filterContext.HttpContext.Request; if (request.Url != null && request.IsSecureConnection) filterContext.Result = new RedirectResult("http://" + request.Url.Host + request.RawUrl); } }

Almost the same implementation as RequireHttpsAttribute if memory serves; although the above implementation checks if this is a Local request and ignores the transition to HTTPS.

+7
source

Source: https://habr.com/ru/post/906785/

More articles:


All Articles