0

In my MVC4 mobile application I have registration and login pages plus the remaining pages. I would like to redirect the user to an HTTPS connection for all sensitive-information pages, like the registration and login pages, and to HTTP for the remaining pages.

Ranjith Kumar Nagiri

2 Answers

0

Within the controller actions that you wish to be HTTPS add the following code to the top of the method (of course you can simply add this to its own method and then call it):

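        if (!HttpContext.Request.IsSecureConnection)
        {
            // Rebuild the current URL with the https scheme.
            var url = new UriBuilder(HttpContext.Request.Url);

            url.Scheme = "https";

            // UriBuilder keeps the original port (80 for plain HTTP); -1 selects
            // the default port of the new scheme (443).
            url.Port = -1;

            Response.Redirect(url.Uri.AbsoluteUri);
        }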

It is recommended though that you keep HTTPS on throughout your site to protect against a MITM attack against the auth cookie.

SilverlightFox
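
The site-wide recommendation above, as an added example that is not code from either answer: the built-in RequireHttpsAttribute is registered as a global filter, and every outgoing cookie is flagged Secure so the browser never sends the auth cookie on a plain-HTTP request, including the first request that only gets redirected. The class name MvcApplication and the Global.asax.cs location are assumptions based on the default MVC project template.

```csharp
// Added example, Global.asax.cs (assumed file and class name).
using System;
using System.Web;
using System.Web.Mvc;

public class MvcApplication : HttpApplication
{
    protected void Application_Start()
    {
        // Keep the project's existing area, route and bundle registration here.

        // Built-in filter applied to every controller action: GET requests over
        // HTTP are redirected to HTTPS, any other verb is rejected.
        GlobalFilters.Filters.Add(new RequireHttpsAttribute());
    }

    protected void Application_EndRequest(object sender, EventArgs e)
    {
        // Cookies issued on a plain-HTTP response are already exposed;
        // with the global filter above that response is only a redirect.
        if (!Request.IsSecureConnection)
        {
            return;
        }

        // Without the Secure flag the browser attaches the cookie to any
        // http:// request for this host, even one that is answered with a
        // redirect, so a man-in-the-middle can read it before the redirect.
        foreach (string name in Response.Cookies.AllKeys)
        {
            HttpCookie cookie = Response.Cookies[name];
            cookie.Secure = true;
        }
    }
}

// web.config alternative for the same cookie behaviour (under <system.web>):
//   <httpCookies requireSSL="true" />
//   <authentication mode="Forms"><forms requireSSL="true" /></authentication>
```

Once the auth cookie is Secure, pages served over HTTP no longer receive it, so a site that switches back to HTTP after login treats the user as anonymous on those pages.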
0

I would suggest using conditional functionality by adding this class

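    using System;
    using System.Configuration;
    using System.Web.Mvc;

    public class RequireHttpsConditional : RequireHttpsAttribute
    {
        protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
        {
            // HTTPS is enforced only when the UseSSL app setting is present.
            var useSslConfig = ConfigurationManager.AppSettings["UseSSL"];
            if (useSslConfig != null)
            {
                // Only GET requests are redirected; other verbs are rejected.
                if (!string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
                {
                    throw new InvalidOperationException("The requested resource can only be accessed via SSL.");
                }

                var request = filterContext.HttpContext.Request;
                int sslPort;

                // A non-numeric or non-positive UseSSL value would leave no URL to
                // redirect to, so fail closed instead of passing null to RedirectResult.
                if (!Int32.TryParse(useSslConfig, out sslPort) || sslPort <= 0)
                {
                    throw new InvalidOperationException("The UseSSL app setting must be a positive port number.");
                }

                string url = "https://" + request.Url.Host + request.RawUrl;

                // Only a non-default HTTPS port has to appear in the URL.
                if (sslPort != 443)
                {
                    var builder = new UriBuilder(url) { Port = sslPort };
                    url = builder.Uri.ToString();
                }

                if (sslPort != request.Url.Port)
                {
                    filterContext.Result = new RedirectResult(url);
                }
            }
        }
    }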

and using [RequireHttpsConditional] above the action result.

I got this code somewhere on the internet and it is working fine for me.

In web.config appSettings use <add key="UseSSL" value="443" />

And in the controller, above the action result, you need to put

    [RequireHttpsConditional]
    public ActionResult SignIn()
    {
        return View();
    }

In IIS, right-click where you have your project and click "Edit Bindings", then add a binding of type https with port number 443 (you can change it).

Note that this will work only in a production environment. When executed locally it won't work.

When you execute it locally, request.Url.Host returns only localhost, without your port number, so if you use it in MVC you will get an error loading the pages where you put this code.

So this will work when you have a host assigned instead of using localhost with a specific port number.

Shiva Saurabh