Created
May 15, 2015 06:50
-
-
Save bjcull/f36a6c9227855a4ed2d5 to your computer and use it in GitHub Desktop.
An improved HTTPS redirection filter for ASP.NET MVC.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public class CustomRequireHttpsFilter : RequireHttpsAttribute | |
{ | |
protected override void HandleNonHttpsRequest(AuthorizationContext filterContext) | |
{ | |
// The base only redirects GET, but we added HEAD as well. This avoids exceptions for bots crawling using HEAD. | |
// The other requests will throw an exception to ensure the correct verbs are used. | |
// We fall back to the base method as the mvc exceptions are marked as internal. | |
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase) | |
&& !String.Equals(filterContext.HttpContext.Request.HttpMethod, "HEAD", StringComparison.OrdinalIgnoreCase)) | |
{ | |
base.HandleNonHttpsRequest(filterContext); | |
} | |
// Redirect to HTTPS version of page | |
// We updated this to redirect using 301 (permanent) instead of 302 (temporary). | |
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl; | |
if (string.Equals(filterContext.HttpContext.Request.Url.Host, "localhost", StringComparison.OrdinalIgnoreCase)) | |
{ | |
// For localhost requests, default to IISExpress https default port (44300) | |
url = "https://" + filterContext.HttpContext.Request.Url.Host + ":44300" + filterContext.HttpContext.Request.RawUrl; | |
} | |
filterContext.Result = new RedirectResult(url, true); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment