2010-01-19 75 views
6

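Checking for SSL when hosted in Rackspace (Mosso) Cloud

I'm using Request.IsSecureConnection to check for SSL and redirect where appropriate. When my asp.net website runs on Rackspace's cloud, the server sits behind an SSL cluster, so IsSecureConnection always returns false. Checking whether the URL contains "https://" is always false as well, and the same goes for checking the port and so on. As a result, the site gets stuck in a big redirect loop.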

Is there another way to check for SSL and redirect where appropriate? Has anyone already implemented this on Rackspace's cloud?

Public Class SecurityAwarePage
    Inherits Page

    Private _requireSSL As Boolean = False

    Public Property RequireSSL() As Boolean
        Get
            Return _requireSSL
        End Get
        Set(ByVal value As Boolean)
            _requireSSL = value
        End Set
    End Property

    Private ReadOnly Property IsSecure() As Boolean
        Get
            Return Request.IsSecureConnection
        End Get
    End Property

    Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
        MyBase.OnInit(e)

        PushSSL()
    End Sub

    Private Sub PushSSL()
        Const SECURE As String = "https://"
        Const UNSECURE As String = "http://"

        If RequireSSL AndAlso Not IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(UNSECURE, SECURE))
        ElseIf Not RequireSSL AndAlso IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(SECURE, UNSECURE))
        End If

    End Sub

End Class
+0

Not that it has anything to do with this question, but nice touch using consts for simple strings like 'http' and 'https'. – 2011-12-03 19:46:31

Answers

5

Although it's difficult to check whether SSL is engaged, a way around the problem is to force SSL.

RackspaceCloud Support knowledge base

You can rewrite the URL in web.config:

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
            <add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

You can force SSL in ASP.NET:

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<script runat="server">
    protected void Page_Load(object sender, System.EventArgs e)
    {
        // Redirect unless the load balancer has marked the request as SSL
        if (Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
        {
            if (Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null)
            {
                string xredir__, xqstr__;

                // Rebuild the same URL with the https scheme
                xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
                xredir__ += Request.ServerVariables["SCRIPT_NAME"];
                xqstr__ = Request.ServerVariables["QUERY_STRING"];

                if (xqstr__ != "")
                    xredir__ = xredir__ + "?" + xqstr__;

                Response.Redirect(xredir__);
            }
        }
        Response.Write("SSL Only");
    }
</script>

<html>
<head id="Head1" runat="server">
    <title>SSL Only</title>
</head>
<body>
</body>
</html>
+0

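Thanks, I searched the help files and didn't find it myself. In retrospect, I guess it would have been smart to loop through the ServerVariables collection and see what was in there. – 2010-01-19 14:30:59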

+0

I'm curious, is "HTTP_CLUSTER-HTTPS" a typo? You have one with two underscores, and one with an underscore and a dash. – 2010-02-24 16:18:29

+0

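[link](http://learn.iis.net/page.aspx/465/url-rewrite-module-configuration-reference/#Rule_action) Rewrite rules replace dashes with underscores, so it's probably OK. It looks like either what is shown here works or, in my direct experience, two underscores. – philw 2011-04-19 21:28:51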

5

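I ran into this same problem with Rackspace Cloud and eventually solved it by manually implementing a Request.IsSecureConnection() extension method and replacing the framework's RequireHttpsAttribute with my own. Hopefully someone else will find this useful too.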

using System;
using System.Web;
using System.Web.Mvc;

/// <summary>
/// Replaces framework-provided RequireHttpsAttribute to disable SSL requirement for local requests
/// and properly enforce SSL requirement when used with Rackspace Cloud's load balancer
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext) {
        if (filterContext == null) {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsLocal)
            return;

        if (!filterContext.HttpContext.Request.IsSecureConnection()) {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext) {
        // only redirect for GET requests, otherwise the browser might not propagate the verb and request
        // body correctly.

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) {
            throw new InvalidOperationException("The requested resource can only be accessed via SSL.");
        }

        // redirect to HTTPS version of page
        string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }

}

public static class Extensions {
    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud's load balancer
    /// </summary>
    /// <param name="request"></param>
    /// <returns></returns>
    public static bool IsSecureConnection(this HttpRequestBase request) {
        const string rackspaceSslVar = "HTTP_CLUSTER_HTTPS";

        // The original "!= null || == "on"" test accepted any non-null value; compare against "on" only.
        return request.IsSecureConnection ||
               String.Equals(request.ServerVariables[rackspaceSslVar], "on", StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud's load balancer
    /// </summary>
    /// <param name="request"></param>
    /// <returns></returns>
    public static bool IsSecureConnection(this HttpRequest request) {
        const string rackspaceSslVar = "HTTP_CLUSTER_HTTPS";

        // Same check as the HttpRequestBase overload above.
        return request.IsSecureConnection ||
               String.Equals(request.ServerVariables[rackspaceSslVar], "on", StringComparison.OrdinalIgnoreCase);
    }
}
+0

So why was it necessary to implement a replacement for the RequireHttpsAttribute class? – Corgalore 2011-06-02 18:39:02

+0

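@Corgalore Well, because I can't simply replace HttpRequest.IsSecureConnection (a property), which is what the built-in RequireHttpsAttribute is checking. I call an *extension* on HttpRequest named IsSecureConnection() (a method). So my replacement RequireHttpAttribute checks my extension instead. – 2011-06-03 17:51:34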
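
Added example (not code from the question or the answers): the asker's PushSSL decision written as a pure C# function, so the redirect-loop behaviour can be run outside IIS. It assumes, as the answers do, that the load balancer sets the HTTP_CLUSTER_HTTPS server variable to "on" for requests that arrived over SSL; the class and method names are hypothetical and the sample requests are constructed.

```csharp
using System;
using System.Collections.Specialized;

// Hypothetical helper, not part of the original posts.
public static class SslRedirect
{
    // Server variable named in the answers; assumed to be "on" when the
    // load balancer received the request over SSL.
    private const string ClusterHttps = "HTTP_CLUSTER_HTTPS";

    public static bool IsSecure(bool isSecureConnection, NameValueCollection serverVariables)
    {
        return isSecureConnection ||
               string.Equals(serverVariables[ClusterHttps], "on", StringComparison.OrdinalIgnoreCase);
    }

    // Returns the URL to redirect to, or null when the request already uses the required scheme.
    public static string GetRedirectUrl(Uri url, bool requireSsl, bool isSecureConnection,
                                        NameValueCollection serverVariables)
    {
        bool secure = IsSecure(isSecureConnection, serverVariables);
        if (requireSsl == secure)
            return null; // already on the right scheme, so no redirect and no loop

        // Behind the SSL cluster the application always sees http://, so the target
        // is built from the parsed URL rather than by string replacement.
        var target = new UriBuilder(url)
        {
            Scheme = requireSsl ? Uri.UriSchemeHttps : Uri.UriSchemeHttp,
            Port = -1 // use the default port of the new scheme
        };
        return target.Uri.AbsoluteUri;
    }

    public static void Main()
    {
        // Constructed sample requests, as the application sees them behind the load balancer.
        var url = new Uri("http://www.example.com/account/login.aspx?returnUrl=%2Fhome");
        var plain = new NameValueCollection();
        var viaSsl = new NameValueCollection { { ClusterHttps, "on" } };

        Console.WriteLine(GetRedirectUrl(url, true, false, plain) ?? "(no redirect)");
        Console.WriteLine(GetRedirectUrl(url, true, false, viaSsl) ?? "(no redirect)");
        Console.WriteLine(GetRedirectUrl(url, false, false, viaSsl) ?? "(no redirect)");
    }
}
```

HTTP_* server variables are populated from request headers, so this check is only meaningful when the application can be reached solely through the load balancer.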
