7
一旦你放在一個動作和用戶開關[RequireHttps]從HTTP到HTTPS,所有後續鏈接將留HTTPS ...ASP.NET MVC [RequireHttps] - 返回HTTP
有沒有辦法切換回HTTP?
A
回答
6
技術上相當詳細的描述,你可以做到這一點
你可以look at the source的RequireHttpsAttribute並將其逆轉。
在實踐中,你可能不應該
如果會話還活着,it is generally inadvisable to return to HTTP。這可以是foundation for a variety of attacks,例如session hijacking。
2
有怎樣處理這個鏈接從HTTPS切換回HTTP採取具體行動方法
http://blog.clicktricity.com/2010/03/switching-to-https-and-back-to-http-in-asp-net-mvc/
1
這裏的 'ExitHttpsIfNotRequired' 屬性使用:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class RetainHttpsAttribute : Attribute
{
}
public class ExitHttpsIfNotRequiredAttribute : FilterAttribute, IAuthorizationFilter
{
public void OnAuthorization(AuthorizationContext filterContext)
{
// Abort if it's not a secure connection
if (!filterContext.HttpContext.Request.IsSecureConnection) return;
if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "sdsd") return;
// Abort if it's a child controller
if (filterContext.IsChildAction) return;
// Abort if a [RequireHttps] attribute is applied to controller or action
if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
// Abort if a [RetainHttps] attribute is applied to controller or action
if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
// Abort if it's not a GET request - we don't want to be redirecting on a form post
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) return;
// Abort if the error controller is being called - we may wish to display the error within a https page
if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "Error") return;
// No problems - redirect to HTTP
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
相關問題
- 1. ASP.NET MVC RequireHttps not available
- 2. ASP.NET MVC - RequireHttps - 指定重定向URL
- 3. CloudFlare SSL與ASP.NET MVC的兼容性RequireHttps
- 4. MVC RequireHttps整個網站
- 5. ASP.net MVC返回JSONP
- 6. ASP.NET MVC返回PartialViewResult
- 7. MVC RequireHttps,如果沒有使用https
- 8. ASP.NET Core Web API HTTP POST在Azure中返回404
- 9. ASP.NET MVC JsonResult返回500
- 10. ASP.NET MVC RC返回Url.Content
- 11. asp.net MVC ModelState.IsValid返回false
- 12. ASP.NET MVC返回Excel文件
- 13. asp.net MVC返回actionresult視頻
- 14. ASP.NET MVC返回的ViewResult
- 15. 返回一個HttpWebResponse ASP.Net MVC
- 16. ASP.NET MVC CookieTempDataProvider.DeserializeTempData返回null
- 17. ASP.NET MVC ViewEngine ViewLocationCache.GetViewLocation返回null
- 18. ASP.NET MVC:OutputCache屬性忽略RequireHttps屬性?
- 19. 返回http狀態碼409衝突(沒有ASP.NET MVC變更)
- 20. 返回在ASP.NET MVC中的視圖MVC
- 21. ASP.NET MVC:從http
- 22. ASP.NET MVC:如何自動禁用本地主機上的[RequireHttps]?
- 23. asp.net MVC,IIS - HTTP 404.0,403.14
- 24. ASP.Net MVC模型綁定返回空值
- 25. ASP.NET MVC中的JSON返回格式
- 26. 返回當前URL在asp.net mvc的
- 27. ASP.NET MVC結果返回助手
- 28. ASP.NET MVC - 返回JavascriptResult和JSON參數
- 29. ASP.net MVC @ html.dropdown不返回選定的值
- 30. 返回上一頁ASP.Net核心MVC
這可以通過過濾器來完成。試着搜索一下,有很多問題幾乎和你的一樣。 – 2012-02-21 02:04:43