ASP.NET MVC 中的 ExitHttps 属性(从 HTTPS 退回 HTTP)
我们使用的是负载平衡器,SSL终止于负载平衡器。尚未在iis级别为该网站创建https绑定。
由于这个原因,我的 RemoteRequiredHttps 属性原本不起作用,后来参照这个 Stack Overflow 问题才使它起作用。
我又创建了 ExitHttps 属性,它遵循与上面提到的问题相同的规则,但退出 HTTPS 没有成功:即使我已经将此属性应用于操作(action),页面仍然停留在 HTTPS 模式下。我遗漏了什么?
/// <summary>
/// Authorization filter that redirects a GET request received over HTTPS to the
/// same host and raw URL over plain HTTP, unless the controller or action is
/// marked with [RequireHttps] or [RetainHttps].
/// </summary>
/// <remarks>
/// HTTPS is detected only from what this process sees (IsSecureConnection and the
/// request URL scheme). When TLS is terminated at a load balancer and the site has
/// no HTTPS binding, the request arrives here as plain HTTP, so the filter returns
/// early and never redirects. In that setup the protocol reported by the load
/// balancer (for example an X-Forwarded-Proto header) has to be consulted instead.
/// </remarks>
public class ExitHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    /// <summary>
    /// Sets <c>filterContext.Result</c> to an HTTP redirect when the request is
    /// seen as HTTPS, is a GET, and no attribute asks to stay on HTTPS.
    /// </summary>
    /// <param name="filterContext">The authorization context of the current request.</param>
    /// <exception cref="ArgumentException">Thrown when <paramref name="filterContext"/> is null.</exception>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentException("Filter Context");
        }

        var httpContext = filterContext.HttpContext;
        if (httpContext == null)
        {
            return;
        }

        var request = httpContext.Request;

        // Both checks look at the hop that reaches this server, not at the hop
        // between the browser and a TLS-terminating load balancer.
        if (!request.IsSecureConnection)
        {
            return;
        }

        var requestUrl = request.Url;
        if (!requestUrl.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.CurrentCultureIgnoreCase))
        {
            return;
        }

        var action = filterContext.ActionDescriptor;
        var controller = action.ControllerDescriptor;

        // Stay on HTTPS when [RequireHttps] or [RetainHttps] is applied to the
        // controller or the action (checked in that order).
        var staysOnHttps =
            controller.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0
            || action.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0
            || controller.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0
            || action.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0;
        if (staysOnHttps)
        {
            return;
        }

        // Only GET is redirected; redirecting a form post would lose its body.
        var isGet = String.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase);
        if (!isGet)
        {
            return;
        }

        // The follow-up request travels in clear text: cookies without the Secure
        // flag are sent with it, and a browser holding an HSTS policy for this
        // host will go straight back to HTTPS.
        var target = "http://" + request.Url.Host + request.RawUrl;
        filterContext.Result = new RedirectResult(target);
    }
}
我已经更新了代码,现在可以正常工作了:
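/// <summary>
/// Authorization filter that redirects a GET request which reached the site over
/// HTTPS back to plain HTTP, unless the controller or action is marked with
/// [RequireHttps] or [RetainHttps]. Works behind a TLS-terminating load balancer
/// by also honouring the X-Forwarded-Proto request header.
/// </summary>
/// <remarks>
/// X-Forwarded-Proto is an ordinary request header. It is only trustworthy when
/// the load balancer always sets or overwrites it and the web server cannot be
/// reached except through that load balancer. In this filter a forged value can
/// only cause a redirect to HTTP, but a filter that enforces HTTPS from the same
/// header depends on that guarantee.
/// </remarks>
public class ExitHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    /// <summary>
    /// Sets <c>filterContext.Result</c> to an HTTP redirect when the request is
    /// HTTPS (directly or as reported by the load balancer), is a GET, and no
    /// attribute asks to stay on HTTPS.
    /// </summary>
    /// <param name="filterContext">The authorization context of the current request.</param>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> is null.</exception>
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            // ArgumentNullException derives from ArgumentException, so existing
            // catch blocks keep working while the parameter name is now reported.
            throw new ArgumentNullException("filterContext");
        }

        var httpContext = filterContext.HttpContext;
        if (httpContext == null)
        {
            return;
        }

        var request = httpContext.Request;
        var requestUrl = request.Url;
        if (requestUrl == null)
        {
            // Without a URL there is neither a scheme to inspect nor a host to redirect to.
            return;
        }

        // Protocol tokens are compared ordinally: culture-sensitive comparison
        // ignores characters such as the soft hyphen and would accept malformed values.
        var arrivedOverHttps =
            request.IsSecureConnection
            || string.Equals(requestUrl.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase)
            // NOTE(review): with several proxies in the chain this header may hold a
            // comma-separated list; only a single exact "https" value is matched here.
            || string.Equals(request.Headers["X-Forwarded-Proto"], "https", StringComparison.OrdinalIgnoreCase);
        if (!arrivedOverHttps)
        {
            return;
        }

        // Stay on HTTPS when [RequireHttps] or [RetainHttps] is applied to the controller or action.
        if (IsMarkedWith(filterContext, typeof(RequireHttpsAttribute))
            || IsMarkedWith(filterContext, typeof(RetainHttpsAttribute)))
        {
            return;
        }

        // Only GET is redirected; redirecting a form post would lose its body.
        if (!string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            return;
        }

        // The host comes from the incoming request. The follow-up request travels in
        // clear text: cookies without the Secure flag are sent with it, and a browser
        // holding an HSTS policy for this host will go straight back to HTTPS.
        var target = "http://" + requestUrl.Host + request.RawUrl;
        filterContext.Result = new RedirectResult(target);
    }

    /// <summary>
    /// Returns true when the given attribute type is applied to the current
    /// controller or action (inherited attributes included).
    /// </summary>
    private static bool IsMarkedWith(AuthorizationContext filterContext, Type attributeType)
    {
        var action = filterContext.ActionDescriptor;
        return action.ControllerDescriptor.GetCustomAttributes(attributeType, true).Length > 0
            || action.GetCustomAttributes(attributeType, true).Length > 0;
    }
}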