I wanted to know if there was an easy way to make the user' POST action redirect to the HTTPS version of a site. So for example a user goes to http://www.omegusprime.com/Request/ABC and fills out a form. How can I make the SUBMIT button post to https://www.omegusprime.com/Request/ABC?
I'm aware of the RequireHttpsAttribute, but that does not affect how the Html.BeginForm() behaves.
I agree with Paul's answer. Writing normal HTML Tag seems to be the only way here.
But I would recommend using a mix of HTML and the URL Helper of MVC. It makes sure, the URL is right and it uses the correct domain name. This is an advantage when you have a local development version (i.e. https://localhost/Request/ABC) and your production version (https://www.omegusprime.com/Request/ABC).
VB example:
<form action="@Url.Action("ABC", "Request", Nothing, "https")" method="post">
...
</form>
Should look like this in C#:
<form action="@Url.Action("ABC", "Request", null, "https")" method="post">
Why would you redirect a form post to HTTPS when you can just make the form post directly to HTTPS?
In any case, you don't have to use the HTMLHelper in MVC, you can just use normal HTML to write up your form. So, instead of using Html.BeginForm(...) you can just use this:
<form action="https://www.omegusprime.com/Request/ABC" method="POST">
...
your form fields
...
</form>
One way to do it is at the routing level. But like Steve says, it's hacky.
Technically you cannot redirect a post. You can forward it from one action to another, but you can't issue a redirect. Redirects are GET not POST.
Really the best way to do this is to make sure the form is rendered in an HTTPS GET request. If the page is https://whatever.com, then Html.BeginForm will render a URL relative to that. So posting from an HTTPS page to a relative URL will mean the form is POSTed over HTTPS.
I second Paul's question: Why would you want to render the form over HTTP, but POST it over HTTPS?
