Skip to content

Instantly share code, notes, and snippets.

@geersch geersch/gist:7710361
Last active Mar 9, 2018

Embed
What would you like to do?
AppHarbor RequireHttpsAttribute for Web API
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace AppHarbor.Web
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpsAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if (actionContext == null)
throw new ArgumentNullException("actionContext");
if (actionContext.Request.RequestUri.Scheme == Uri.UriSchemeHttps)
return;
if (actionContext.Request.Headers.Contains("X-Forwarded-Proto"))
{
var uriScheme = Convert.ToString(actionContext.Request.Headers.GetValues("X-Forwarded-Proto").First());
if (string.Equals(uriScheme, "https", StringComparison.InvariantCultureIgnoreCase))
return;
}
if (actionContext.Request.IsLocal())
return;
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.