Use https (SSL/TLS) in ASP. NET MVC)

Some highly secure web pages, such as online payment or user login pages, may use HTTPS (SSL/TLS) to improve security. This article describes how to force an action to Use https in ASP. net mvc and how to redirect to an HTTPS page.
First, we need to force an action to Use https. Here, a requirehttpsattribute is written, which is used to convert non-HTTPS connections to HTTPS connections, so that all controllers using the filter requirehttps will force HTTPS connections.

1 Using System. Web. MVC;
2
3 Namespace Snowdream. Demo. requirehttps
4 {
5 Public   Class Requirehttpsattribute: authorizeattribute
6 {
7 ///   <Summary>
8 /// Override onauthorization Method
9 ///   </Summary>
10 ///   <Param name = "filtercontext"> </param>
11 Public   Override   Void Onauthorization (authorizationcontext filtercontext)
12 {
13 // If it is already an HTTPS connection, it will not be processed; otherwise, it will be redirected to an HTTPS connection.
14 If ( ! Filtercontext. httpcontext. Request. issecureconnection)
15 {
16 // Obtain the path of the current request
17 String Path = Filtercontext. httpcontext. Request. path;
18
19 // Obtain the host from web. config or httpcontext.
20 String Host = System. configuration. configurationmanager. configurettings [ " Hostname " ];
21
22 // Obtain the HTTPS port from web. config.
23 String Port = System. configuration. configurationmanager. configurettings [ " Httpsport " ];
24
25 // If the port number is null, the default port is used. Otherwise, the host is written as host: port.
26 If (Port ! =   Null )
27 {
28 Host =   String . Format ( " {0 }:{ 1} " , Host, Port );
29 }
30
31 // Redirect to HTTPS connection
32 Filtercontext. httpcontext. response. Redirect ( String . Format ( " Https: // {0} {1} " , Host, PATH ));
33 }
34 }
35 }
36 }
37

Because the HTTPS and HTTPS services use different port numbers, and HTTPS cannot bind host headers, you can only distinguish sites by using different ports. Therefore, the host and port information is written to the Web. config to facilitate configuration. Add the following information in the appsettings section of Web. config:

1 < Appsettings >
2 < Add Key = "Hostname" Value = "Localhost" />
3 < Add Key = "Httpsport" Value = "443" />
4 </ Appsettings >
5

Httpsport can be left empty. The default 443 is used.
Add [requirehttps] before the Controller or action that you want to connect using https, as shown in figure

1 [Requirehttps]
2 Public Actionresult about ()
3 {
4 Return View ();
5 }
6

In this way, when we use http: // localhost/home/about to access this page, it will automatically jump to https: // localhost/home/about. However, there is another problem. The links on the webpage are all HTTP. When you click to access the webpage that requires HTTPS connection, redirect is required. Therefore, we need to change the link in the webpage to HTTPS. This step is not difficult. You only need to use the appropriate overload method to write all HTML. Action () links to the HTTPS page in the view. ASP. net mvc 1.0 RTM provides two reloads to set protocol to HTTPS. In the site generated by default after ASP. net mvc web application is created, the site. master file in the shared folder contains an actionlink pointing to/home/about. It turns out to be

1 Html. actionlink ( " Home " , " Index " , " Home " )

We rewrite it.

1 Html. actionlink ( " About " , " About " , " Home " , " HTTPS " , " Localhost " , "" , Null , Null )

In this way, the generated link is HTTPS. After you click it, you will directly use the HTTPS connection instead of redirect again. The new link to the HTTPS page can also be written in the same way.
Here we need to use the Hostname Information again. We have already written it on the web. config, so you can write a special method to obtain the web. this part of the information in config is spliced into the hostname string required here, or you can write an extension method for htmlhelper to process HTTPS links, these can be optimized in actual use.

Download Sample Code

Additional materials:

HTTPSIntroduction
SSLIntroduction
In IISSet httpsService
InternetInformation Service(IIS)Server certificate installation instructions

This article applies to ASP. net mvc 1.0