【问题标题】:RequireSSL fails on Url with QuerystringRequireSSL 在带有 Querystring 的 Url 上失败
【发布时间】:2009-12-09 04:47:37
【问题描述】:

我使用从 MVC 期货中获取的这段代码,并将属性 RequireSsl 附加到一个操作。 它适用于像http://localhost/de/Account/Login 这样的简单 URL,但如果我有一个查询字符串,则问号会被 url 编码并且请求失败。

http://localhost/de/Account/Login?test=omg 重定向到 https://localhost/de/Account/Login%3Ftest=omg。有人搞定了吗?

 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
    public RequireSslAttribute()
    {
        Redirect = true;
    }

    public bool Redirect { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        //Validate.IsNotNull(filterContext, "filterContext");

        if (!Configuration.EnableSSL) return;

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            // request is not SSL-protected, so throw or redirect
            if (Redirect)
            {
                // form new URL
                UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    // use the RawUrl since it works with URL Rewriting
                    Path = filterContext.HttpContext.Request.RawUrl
                };
                filterContext.Result = new RedirectResult(builder.ToString());
            }
            else
            {
                throw new HttpException((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
            }
        }
    }


}

【问题讨论】:

    标签: asp.net-mvc ssl


    【解决方案1】:

    我变了

     UriBuilder builder = new UriBuilder
                    {
                        Scheme = "https",
                        Host = filterContext.HttpContext.Request.Url.Host,
                        // use the RawUrl since it works with URL Rewriting
                        Path = filterContext.HttpContext.Request.RawUrl
                    };
    

                        UriBuilder builder = new UriBuilder
                    {
                        Scheme = "https",
                        Host = filterContext.HttpContext.Request.Url.Host,
                        Path = filterContext.HttpContext.Request.Url.LocalPath,
                        Query = filterContext.HttpContext.Request.Url.PathAndQuery
    
                    };
    

    我现在不使用 UrlRewriting,这就是为什么我认为这对我来说是安全的。

    【讨论】:

      【解决方案2】:
      UriBuilder builder = new UriBuilder
      {
          Scheme = "https",
          Host = filterContext.HttpContext.Request.Url.Host,
          Path = filterContext.HttpContext.Request.Path,
          Query = filterContext.HttpContext.Request.QueryString.ToString ()
      };
      

      【讨论】:

        猜你喜欢
        • 2023-03-12
        • 1970-01-01
        • 2019-11-08
        • 2012-08-28
        • 1970-01-01
        • 2013-06-08
        • 2012-12-31
        • 2021-09-17
        • 1970-01-01
        相关资源
        最近更新 更多