Skip to content

Instantly share code, notes, and snippets.

Last active Mar 9, 2018
What would you like to do?
AppHarbor RequireHttpsAttribute for Web API
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace AppHarbor.Web
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpsAttribute : AuthorizationFilterAttribute
public override void OnAuthorization(HttpActionContext actionContext)
if (actionContext == null)
throw new ArgumentNullException("actionContext");
if (actionContext.Request.RequestUri.Scheme == Uri.UriSchemeHttps)
if (actionContext.Request.Headers.Contains("X-Forwarded-Proto"))
var uriScheme = Convert.ToString(actionContext.Request.Headers.GetValues("X-Forwarded-Proto").First());
if (string.Equals(uriScheme, "https", StringComparison.InvariantCultureIgnoreCase))
if (actionContext.Request.IsLocal())
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment