I have a site, which contains several ashx handlers, on a couple of the handlers I want to reject non-SSL requests. Is there a way that I can do this in code?
+4
A:
If you must do it programmatically, a way I've done it in the past is to inspect the url and look for "https" in it. Redirect if you don't see that. Request.IsSecureConnection should be the preferred method, however. You may have to add additional logic to handle a loopback address.
Kilhoffer
2008-09-12 13:47:03
+3
A:
I think the proper way is to check the Request.IsSecureConnection property and redirect or throw if it's false
rpetrich
2008-09-12 13:50:52
+2
A:
Try using the System.Web.HttpContext.Current.Request.IsSecureConnection to validate whether they are connecting securely, and then perform whatever denies you would like after that (returning an error message, or whatever your business need is).
Thunder3
2008-09-12 13:51:34