tags:

views:

147

answers:

4
+2  Q: 

How to turn off MVC.NET version 2's RequireHttps attribute?

I see that version 2 of MVC.NET now has a RequireHttps attribute, which works great for me. However, what's a good strategy for turning the effect off? For example, I want to use Https on some pages, but regular Http on others. Should I create my own RequireHttp attribute?

EDIT: I'm using my own RequireHttp attribute, and it works fine, but I'm wondering if there's some built-in functionality in MVC.NET Version 2 that I'm missing.

EDIT 2: I must not have been clear. My question concerns the following: if you use RequireHttps, then any requests after that will be over Https even if the Controller or Action is not decorated with RequireHttps. Unless I'm mistaken, you need a 2nd attribute such as RequireHttp to redirect requests to Http instead of Https.

+3  A: 

The point of the ActionFilterAttribute is that you can apply them to any actions you want. Or in other words, you don't have to apply them to all the actions.

If you don't want an attribute's logic injected into an action, then simply don't apply the attribute to it. For example :

public class SomeController : Controller {
    [RequireHttps]
    public ActionResult SomeAction() {
        //the attribute's logic will be injected to this action.
        return View();
    }

    public ActionResult SomeOtherAction() {
        //this action doesn't require https protocol
        return View();
    }
}

If you apply the attribute to the controller itself, then it will be applied to all the actions in the controller.

Edit :

To require http protocol instead of https, I think you can use the attribute below. I will double check to see if MVC 2 has this already. But if it doesn't (It doesn't) :

public class RequireHttp : ActionFilterAttribute {
   public override void OnActionExecuting(ActionExecutingContext filterContext) {
        if (filterContext.HttpContext.Request.IsSecureConnection) {
            UriBuilder builder = new UriBuilder() {
                Scheme = "http",
                Host = filterContext.HttpContext.Request.Url.Host,
                Path = filterContext.HttpContext.Request.RawUrl
            };

            filterContext.Result = new RedirectResult(builder.ToString());
            filterContext.Result.ExecuteResult(filterContext);
        }
        base.OnActionExecuting(filterContext);
    }
}
çağdaş  2009-10-24 17:31:35
Please see my Edit 2.
Slack  2009-10-24 17:40:12
@Bob, edited the answer.
çağdaş  2009-10-24 17:45:21
@Bob, looking at the source code, I don't think there's already a `RequireHttp` attribute. So yes, you're going to have to roll your own.
çağdaş  2009-10-24 17:52:24
@çağdaş Thank you! This helped me a lot.
Zack Peterson  2010-03-31 17:19:59
A:  
[RequireHttps] //apply to all actions in controller
public class SomeController
{
    //... or ...
    [RequireHttps] //apply to this action only
    public ActionResult SomeAction()
    {
    }
}

Applying it at the controller level also applies it to all action methods, otherwise apply it to each individual Action method.

David Liddle  2009-10-24 17:32:33
Please see my Edit 2.
Slack  2009-10-24 17:39:09
+1  A: 

You could apply the attribute either at the controller in which case it will apply for all actions, or only on selected actions.

//apply to all actions
[RequireHttps] 
public class SomeController 
{
    //apply to this action only
    [RequireHttps] 
    public ActionResult SomeAction()
    {
    }

}
Darin Dimitrov  2009-10-24 17:34:11
Please see my Edit 2.
Slack  2009-10-24 17:39:42
Consecutive requests won't necessary all be on HTTPS. They will use the scheme defined in your action links and forms, so you could setup the desired scheme when generating your links.
Darin Dimitrov  2009-10-24 17:44:48
Re: your 24-Oct-2009 comment. Thanks -- it hadn't occurred to me to simply redirect to HTTP in the links from my View.
Slack  2009-10-29 00:02:54
@bob but don't you then end up with those messages about changing from secure connection to insecure connection in certain browsers?
Simon_Weaver  2009-11-06 05:49:38
A: 

It worked for me!

I converted the çağdaş answer to Visual Basic:

Public Class RequireHttpAttribute
    Inherits ActionFilterAttribute

    Public Overrides Sub OnActionExecuting(ByVal filterContext As _
                                           ActionExecutingContext)
        If (filterContext.HttpContext.Request.IsSecureConnection) Then
            Dim builder As UriBuilder = New UriBuilder()
            builder.Scheme = "http"
            builder.Host = filterContext.HttpContext.Request.Url.Host
            builder.Path = filterContext.HttpContext.Request.RawUrl

            filterContext.Result = New RedirectResult(builder.ToString())
            filterContext.Result.ExecuteResult(filterContext)
        End If

        MyBase.OnActionExecuting(filterContext)
    End Sub

End Class

I use it like this:

<RequireHttp()> _
Public Class SomeController

    <RequireHttp()> _
    Function SomeAction(...) As ActionResult
        ...
    End Function

End Class

I'm also using Joel Mueller's RemoteRequireHttps described here:
ASP.NET MVC RequireHttps in Production Only

Zack Peterson  2010-03-31 17:19:34

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data