Windows Azure ASP.NET MVC Role behaves strangely when redirecting from HTTP to HTTPS

Question

Subj. I've got an ASP.NET 2 MVC Worker Role Application, that does not differ much from the default template.

When attempting redirect from HTTP to HTTPS (this happens when we access constroller secured by the usual RequireSSL attribute implementation) we get blank page with "Bad Request" message.

IntelliTrace shows this:

Thrown: "The file '/Views/Home/LogOnUserControl.aspx' does not exist." (System.Web.HttpException)

Call stack is really short:

[External Code] 
App_Web_vfahw7gz.dll!ASP.views_shared_site_master.__Render__control1(System.Web.UI.HtmlTextWriter __w = {unknown}, System.Web.UI.Control parameterContainer = {unknown})    
[External Code] 
App_Web_bsbqxr44.dll!ASP.views_home_index_aspx.ProcessRequest(System.Web.HttpContext context = {unknown})   
[External Code] 

User control reference is the usual one in /Views/Shared/Site.Master:

<div id="logindisplay">
    <% Html.RenderPartial("LogOnUserControl"); %>
</div> 

And partial view LogOnUserControl.ashx is located in Views/Shared (and it is ASCX, not ASPX).

Problem shows up, when we try to access site pages, that require auth (FormsAuth) and redirect because of the SSL. These pages are secured by RequireSSL attribute (Redirect == true):

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
  public bool Redirect { get; set; }

  // Methods
  public void OnAuthorization(AuthorizationContext filterContext)
  {
    // this get's messy, when we are running custom ports
    // within the local dev fabric.
    // hence we disable code in the debug

#if !DEBUG
    if (filterContext == null)
    {
      throw new ArgumentNullException("filterContext");
    }

    if (filterContext.HttpContext.Request.IsSecureConnection)
      return;

    var canRedirect = string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase);

    if (canRedirect && Redirect)
    {
      var builder = new UriBuilder
      {
        Scheme = "https",
        Host = filterContext.HttpContext.Request.Url.Host,
        Path = filterContext.HttpContext.Request.RawUrl
      };
      filterContext.Result = new RedirectResult(builder.ToString());
    }
    else
    {
      throw new HttpException(0x193, "Access forbidden. The requested resource requires an SSL connection.");
    }
#endif
  }
}

Obviously we compile in RELEASE for this case.

Does anybody have any idea, what could cause this strange exception and how to get rid of it?

Answer 1

NB: that's not the proper solution, but it worked for now. By marking the entire home controller with RequireSsl we force all visitors to use Https from the start.

It is still possible to hit the error by calling something like:

http://project.company.com/User/Login?ReturnUrl=/solution

But it is not likely to get to such a link by navigating the site, so this will work for the time being.

Answer 2

Is there a specific reason your "LogOnUserControl" partial view is an ashx file rather than aspx/ascx? I'm under the impression that MVC only looks for .aspx and .ascx files as a convention.