tags:

views:

88

answers:

3
Q: 

ASP.NET MVC - HTML.BeginForm and SSL

Hello, I am encountering an issue with what should be a simple logon form in ASP.NET MVC 2. Essentially my form looks a little something like this:

using (Html.BeginForm("LogOn", "Account", new { area = "Buyers" }, FormMethod.Post, new { ID = "buyersLogOnForm" }))

I have a RequiresHTTPS filter on the LogOn Action method but when it executes I receive the following message

The requested resource can only be accessed via SSL

At this point the only solution that worked was to pass in an extra action htmlattribute as follows:

 var actionURL = "https://"  + Request.Url.Host + Request.Url.PathAndQuery;   
 using (Html.BeginForm("LogOn", "Account", new { area = "Buyers" }, FormMethod.Post, new { ID = "buyersLogOnForm", @action = actionURL }))

While this works I wonder a) why i am seeing this issue in the first place and b) if there is a more straightforward way of posting to https from a http page?

[Edit]

I should have stated that the logon dropdown will be available on many public pages. I do not want all of my pages to be HTTPS. For instance, my hope page - which ANYONE can see - should not be HTTPS based. Essentially I need to specify the protocol in my form but have no idea how to do that, or if it is possible.

I would appreciate any advice/suggestions. Thanks in advance

JP

+1  A: 

Use the [RequireHttps] attribute on both the action that renders the form and the one you are posting to.

Darin Dimitrov  2010-06-19 18:12:16
The logon dropdown will be available on many public pages. I do not want all of my pages to be HTTPS. For instance, my hope page - which ANYONE can see - should not be HTTPS based
JP  2010-06-19 18:25:58
Users might be dissuaded to enter their username and password on a login page on which the padlock is not visible in their browser. It is considered good practice to use HTTPS on logon pages.
Darin Dimitrov  2010-06-19 18:38:06
I definitely see your point. However, I believe this to be a design decision and not necessarily something that should be a technical constraint. Take Twitter as an example of where such a dropdown (from a non https page) enhances the user login experience - not requiring a full page load for two simple fields.
JP  2010-06-19 21:27:36
+3  A: 

You could use 

<form action =" <%= Url.Action(
"action",
"controller",
ViewContext.RouteData.Values,
"https"
) %>" method="post" >
Malcolm Frexner  2010-06-19 19:55:51
A: 

Adding HTTPS/SSL support to ASP.NET MVC routing « Steve Sanderson’s blog

How about this?

SSL support in ASP.NET MVC « Exploring the world …

This approach is more easy.

takepara  2010-06-20 14:56:51

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?