一旦你放在一個動作和用戶開關[RequireHttps]
從HTTP到HTTPS,所有後續鏈接將留HTTPS ...ASP.NET MVC [RequireHttps] - 返回HTTP
有沒有辦法切換回HTTP?
一旦你放在一個動作和用戶開關[RequireHttps]
從HTTP到HTTPS,所有後續鏈接將留HTTPS ...ASP.NET MVC [RequireHttps] - 返回HTTP
有沒有辦法切換回HTTP?
技術上相當詳細的描述,你可以做到這一點
你可以look at the source的RequireHttpsAttribute
並將其逆轉。
在實踐中,你可能不應該
如果會話還活着,it is generally inadvisable to return to HTTP。這可以是foundation for a variety of attacks,例如session hijacking。
有怎樣處理這個鏈接從HTTPS切換回HTTP採取具體行動方法
http://blog.clicktricity.com/2010/03/switching-to-https-and-back-to-http-in-asp-net-mvc/
這裏的 'ExitHttpsIfNotRequired' 屬性使用:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class RetainHttpsAttribute : Attribute
{
}
public class ExitHttpsIfNotRequiredAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
// Abort if it's not a secure connection
if (!filterContext.HttpContext.Request.IsSecureConnection) return;
if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "sdsd") return;
// Abort if it's a child controller
if (filterContext.IsChildAction) return;
// Abort if a [RequireHttps] attribute is applied to controller or action
if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
// Abort if a [RetainHttps] attribute is applied to controller or action
if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
// Abort if it's not a GET request - we don't want to be redirecting on a form post
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) return;
// Abort if the error controller is being called - we may wish to display the error within a https page
if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "Error") return;
// No problems - redirect to HTTP
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
這可以通過過濾器來完成。試着搜索一下,有很多問題幾乎和你的一樣。 – 2012-02-21 02:04:43