| using System; | |
| using System.Web.Mvc; | |
| using RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute; | |
| namespace AppHarbor.Web | |
| { | |
| [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, | |
| AllowMultiple = false)] | |
| public class RequireHttpsAttribute : RequireHttpsAttributeBase | |
| { | |
| public override void OnAuthorization(AuthorizationContext filterContext) | |
| { | |
| if (filterContext == null) | |
| { | |
| throw new ArgumentNullException("filterContext"); | |
| } | |
| if (filterContext.HttpContext.Request.IsSecureConnection) | |
| { | |
| return; | |
| } | |
| if (string.Equals(filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"], | |
| "https", | |
| StringComparison.InvariantCultureIgnoreCase)) | |
| { | |
| return; | |
| } | |
| if (filterContext.HttpContext.Request.IsLocal) | |
| { | |
| return; | |
| } | |
| HandleNonHttpsRequest(filterContext); | |
| } | |
| } | |
| } |
coachrob
commented
Apr 2, 2013
|
Just what the doctor ordered! Thanks for sharing! |
HartleyOriginalJam
commented
Apr 12, 2013
|
We have just had to come to this and had to do a FirstOrDefault() when checking the headers...
|
geersch
commented
Nov 29, 2013
|
Here's a quick gist containing a similar version for requiring HTTPS on Web API calls for AppHarbor: |
RobertVandenberg
commented
Aug 5, 2014
|
I suggest using Uri.UriSchemeHttps instead of "https" directly. http://msdn.microsoft.com/zh-tw/library/system.uri.urischemehttps(v=vs.110).aspx |
dahlbyk
commented
Jun 15, 2016
|
Also, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ignaciofuentes commentedJul 12, 2012
How about asp.net web api?
a custom RequireHttpsAttribute that also takes into consideration the "X-Forwarded-Proto" Header is also needed.
Correct?