Some security-high web pages, such as online payments or user landing pages, may use HTTPS (SSL/TLS) to improve security. This article describes how to force an action to use HTTPS and how to jump to an HTTPS page in asp.net mvc. We first implement to force an action to use HTTPS. A Requirehttpsattribute is written here that converts a non-HTTPS connection to an HTTPS connection so that all controller using REQUIREHTTPS This filter will force an HTTPS connection.
-->1 using SYSTEM.WEB.MVC;
2
3 namespace Snowdream.Demo.RequireHttps
4 {
5 public class Requirehttpsattribute:authorizeattribute
6 {
7///<summary>
8///Rewrite Onauthorization method
9///</summary>
///<param name= "Filtercontext" ></param>
One public override void Onauthorization (AuthorizationContext filtercontext)
12 {
13//If it is already an HTTPS connection, it is not processed, otherwise redirected to HTTPS connection
if (!filtercontext.httpcontext.request.issecureconnection)
15 {
16//Get the current request path
string path = FilterContext.HttpContext.Request.Path;
18
19//From the web.config to obtain the host, can also be directly from the HttpContext to obtain
String host = system.configuration.configurationmanager.appsettings["HostName"];
21st
22//port to obtain HTTPS from Web.config
A string port = system.configuration.configurationmanager.appsettings["Httpsport"];
24
25///If the port number is empty indicates that the default port is used, otherwise the host is written in host:port form
if (port!= null)
27 {
Host = string. Format ("{0}:{1}", host, Port);
29}
30
31//Redirect to HTTPS connection
FilterContext.HttpContext.Response.Redirect (String. Format ("Https://{0}{1}", host, Path));
33}
34}
35}
36}
37
Because HTTPS and HTTPS services use different port numbers, and HTTPS cannot bind to host headers, you can differentiate each site through different ports, so this is where the host and port information is written in web.config to facilitate configuration. Add the following information to the appsettings section of web.config
-->1 <appSettings>
2 <add key= "HostName" value= "localhost"/>
3 <add key= "Httpsport" value= "443"/>
4 </appSettings>
5
Httpsport can not write, will use the default 443.
Then add [Requirehttps] before the Controller or action to use HTTPS connection, as
-->1 [Requirehttps]
2 public actionresult About ()
3 {
4 return View ();
5}
6
This way, when we use Http://localhost/Home/AboutWhen you visit the page, you automatically jump to Https://localhost/Home/About。 But there is another problem, the links in the Web page are HTTP, and when you click into the page that you want to use HTTPS connection, you have to do a redirect. So we're going to change the links in the Web page to HTTPS as well. This step is not difficult, just want to put all the links to the HTTPS page in the view Html. The Action () is written with the appropriate overloaded method. asp.net MVC 1.0 RTM provides 2 overloads that can be set to protocol to HTTPS. In the default-generated site after the new asp.net MVC Web application, there is a actionlink in the Site.master file in the shared folder that points to/home/about. Turns out to be
-->1 Html.ActionLink ("Home", "Index", "Home")
We rewrite it.
-->1 Html.ActionLink ("about", "about", "Home", "https", "localhost", "", NULL, NULL)
In this way, the generated link is HTTPS, the click will be used directly after the HTTPS connection without another redirect, and then the new to the HTTPS page link can also be modeled.
Hostname information is also used here, We've already written it in web.config, so we can write a method to get this part of the information in Web.config and splice it into the hostname string that is needed here, or we can write an extension method for HtmlHelper to handle the HTTPS link, which can actually make When the appropriate optimizations are made.
