Use https (SSL/TLS) in ASP. NET MVC)

Source: Internet
Author: User
Tags actionlink
Some highly secure web pages, such as online payment or user login pages, may use HTTPS (SSL/TLS) to improve security. This article describes how to force an action to Use https in ASP. net mvc and how to redirect to an HTTPS page.
First, we need to force an action to Use https. Here, a requirehttpsattribute is written, which is used to convert non-HTTPS connections to HTTPS connections, so that all controllers using the filter requirehttps will force HTTPS connections.

1 Using System. Web. MVC;
2
3 Namespace Snowdream. Demo. requirehttps
4 {
5 Public   Class Requirehttpsattribute: authorizeattribute
6 {
7 ///   <Summary>
8 /// Override onauthorization Method
9 ///   </Summary>
10 ///   <Param name = "filtercontext"> </param>
11 Public   Override   Void Onauthorization (authorizationcontext filtercontext)
12 {
13 // If it is already an HTTPS connection, it will not be processed; otherwise, it will be redirected to an HTTPS connection.
14 If ( ! Filtercontext. httpcontext. Request. issecureconnection)
15 {
16 // Obtain the path of the current request
17 String Path = Filtercontext. httpcontext. Request. path;
18
19 // Obtain the host from web. config or httpcontext.
20 String Host = System. configuration. configurationmanager. configurettings [ " Hostname " ];
21
22 // Obtain the HTTPS port from web. config.
23 String Port = System. configuration. configurationmanager. configurettings [ " Httpsport " ];
24
25 // If the port number is null, the default port is used. Otherwise, the host is written as host: port.
26 If (Port ! =   Null )
27 {
28 Host =   String . Format ( " {0 }:{ 1} " , Host, Port );
29 }
30
31 // Redirect to HTTPS connection
32 Filtercontext. httpcontext. response. Redirect ( String . Format ( " Https: // {0} {1} " , Host, PATH ));
33 }
34 }
35 }
36 }
37

Because the HTTPS and HTTPS services use different port numbers, and HTTPS cannot bind host headers, you can only distinguish sites by using different ports. Therefore, the host and port information is written to the Web. config to facilitate configuration. Add the following information in the appsettings section of Web. config:

1 < Appsettings >
2 < Add Key = "Hostname" Value = "Localhost" />
3 < Add Key = "Httpsport" Value = "443" />
4 </ Appsettings >
5

Httpsport can be left empty. The default 443 is used.
Add [requirehttps] before the Controller or action that you want to connect using https, as shown in figure

1 [Requirehttps]
2 Public Actionresult about ()
3 {
4 Return View ();
5 }
6

In this way, when we use http: // localhost/home/about to access this page, it will automatically jump to https: // localhost/home/about. However, there is another problem. The links on the webpage are all HTTP. When you click to access the webpage that requires HTTPS connection, redirect is required. Therefore, we need to change the link in the webpage to HTTPS. This step is not difficult. You only need to use the appropriate overload method to write all HTML. Action () links to the HTTPS page in the view. ASP. net mvc 1.0 RTM provides two reloads to set protocol to HTTPS. In the site generated by default after ASP. net mvc web application is created, the site. master file in the shared folder contains an actionlink pointing to/home/about. It turns out to be

1 Html. actionlink ( " Home " , " Index " , " Home " )

We rewrite it.

1 Html. actionlink ( " About " , " About " , " Home " , " HTTPS " , " Localhost " , "" , Null , Null )

In this way, the generated link is HTTPS. After you click it, you will directly use the HTTPS connection instead of redirect again. The new link to the HTTPS page can also be written in the same way.
Here we need to use the Hostname Information again. We have already written it on the web. config, so you can write a special method to obtain the web. this part of the information in config is spliced into the hostname string required here, or you can write an extension method for htmlhelper to process HTTPS links, these can be optimized in actual use.

Download Sample Code

Additional materials:

HTTPSIntroduction
SSLIntroduction
In IISSet httpsService
InternetInformation Service(IIS)Server certificate installation instructions

This article applies to ASP. net mvc 1.0

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.