Skip to content

Instantly share code, notes, and snippets.

@bjcull
Created May 15, 2015 06:50
Show Gist options
  • Save bjcull/f36a6c9227855a4ed2d5 to your computer and use it in GitHub Desktop.
Save bjcull/f36a6c9227855a4ed2d5 to your computer and use it in GitHub Desktop.
An improved HTTPS redirection filter for ASP.NET MVC.
public class CustomRequireHttpsFilter : RequireHttpsAttribute
{
protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
{
// The base only redirects GET, but we added HEAD as well. This avoids exceptions for bots crawling using HEAD.
// The other requests will throw an exception to ensure the correct verbs are used.
// We fall back to the base method as the mvc exceptions are marked as internal.
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)
&& !String.Equals(filterContext.HttpContext.Request.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase))
{
base.HandleNonHttpsRequest(filterContext);
}
// Redirect to HTTPS version of page
// We updated this to redirect using 301 (permanent) instead of 302 (temporary).
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
if (string.Equals(filterContext.HttpContext.Request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase))
{
// For localhost requests, default to IISExpress https default port (44300)
url = "https://" + filterContext.HttpContext.Request.Url.Host + ":44300" + filterContext.HttpContext.Request.RawUrl;
}
filterContext.Result = new RedirectResult(url, true);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment