I have [requireSsl] on my accounts controller.

It appears to work for all actions except the login action. I believe this is because the login action is called as follows:

    new { controller = "Account", returnUrl = HttpContext.Current.Request.RawUrl }


Account/Login?returnUrl...
Account/Login%3freturnUrl...

When changing to https, the second line results in a bad request.

EDIT: THE PROBLEM IS THAT THE "?" CHARACTER GETS CONVERTED TO "%3F". I also tried to do this with URL Rewrite in IIS7 and got the same thing. So what is the cause and how do I fix it?

UPDATE: I did get HTTPS to work using IIS Rewrite, but not MVC as described above. I removed enable SSL and did it purely in IIS. I still would like to know why it doesn't work in MVC.

A: 

It doesn't work because of what you pointed out: the ? character is getting encoded when it shouldn't. This is a bug.

The original RequireSslAttribute code:

    UriBuilder builder = new UriBuilder
    {
      Scheme = "https",
      Host = filterContext.HttpContext.Request.Url.Host,
      // gets encoded and shouldn't include the ?
      Path = filterContext.HttpContext.Request.RawUrl
    };
    filterContext.Result = new RedirectResult (builder.ToString ());

should probably be changed to something like

    UriBuilder builder = new UriBuilder
    {
      Scheme = "https",
      Host = filterContext.HttpContext.Request.Url.Host,
      Path = filterContext.HttpContext.Request.Path,
      Query = filterContext.HttpContext.Request.QueryString.ToString ()
    };
    filterContext.Result = new RedirectResult (builder.ToString ());

Todd Smith
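
The difference between the two builders above can be seen outside MVC with a small console program. This is an added example, not part of the original answer or of the ASP.NET MVC source; `NaiveHttps`, `SplitHttps`, the host `example.test` and the sample URLs are hypothetical, and `SplitHttps` splits the raw URL itself instead of reading `Request.Path` and `Request.QueryString`.

```csharp
using System;

static class HttpsRedirectDemo
{
    // Mirrors the original attribute: the whole raw URL goes into Path,
    // so UriBuilder escapes the '?' that separates path from query.
    static string NaiveHttps(string host, string rawUrl)
    {
        var builder = new UriBuilder { Scheme = "https", Host = host, Path = rawUrl };
        return builder.ToString();
    }

    // Hypothetical helper: split the raw URL at the first '?' and hand the
    // two parts to Path and Query separately. Handles URLs with no query.
    static string SplitHttps(string host, string rawUrl)
    {
        int q = rawUrl.IndexOf('?');
        var builder = new UriBuilder
        {
            Scheme = "https",
            Host = host,
            Path = q < 0 ? rawUrl : rawUrl.Substring(0, q)
        };
        if (q >= 0 && q + 1 < rawUrl.Length)
            builder.Query = rawUrl.Substring(q + 1); // no leading '?': the setter adds it
        return builder.ToString();
    }

    static void Main()
    {
        // Constructed sample inputs, not taken from the page.
        string[] rawUrls = { "/Account/Login?returnUrl=%2fOrders%2f7", "/Account/Login" };
        foreach (string rawUrl in rawUrls)
        {
            foreach (string url in new[] { NaiveHttps("example.test", rawUrl),
                                           SplitHttps("example.test", rawUrl) })
            {
                // An empty Query on a URL that was requested with one means
                // the redirect target lost its query string to escaping.
                Console.WriteLine("{0}\n    query seen by server: '{1}'",
                                  url, new Uri(url).Query);
            }
        }
    }
}
```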