RequireHttpsAttribute using X-Forwarded-Proto header
using System; | |
using System.Web.Mvc; | |
using RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute; | |
namespace AppHarbor.Web | |
{ | |
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, | |
AllowMultiple = false)] | |
public class RequireHttpsAttribute : RequireHttpsAttributeBase | |
{ | |
public override void OnAuthorization(AuthorizationContext filterContext) | |
{ | |
if (filterContext == null) | |
{ | |
throw new ArgumentNullException("filterContext"); | |
} | |
if (filterContext.HttpContext.Request.IsSecureConnection) | |
{ | |
return; | |
} | |
if (string.Equals(filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"], | |
"https", | |
StringComparison.InvariantCultureIgnoreCase)) | |
{ | |
return; | |
} | |
if (filterContext.HttpContext.Request.IsLocal) | |
{ | |
return; | |
} | |
HandleNonHttpsRequest(filterContext); | |
} | |
} | |
} |
This comment has been minimized.
This comment has been minimized.
Just what the doctor ordered! Thanks for sharing! |
This comment has been minimized.
This comment has been minimized.
We have just had to come to this and had to do a FirstOrDefault() when checking the headers...
|
This comment has been minimized.
This comment has been minimized.
Here's a quick gist containing a similar version for requiring HTTPS on Web API calls for AppHarbor: |
This comment has been minimized.
This comment has been minimized.
I suggest using Uri.UriSchemeHttps instead of "https" directly. http://msdn.microsoft.com/zh-tw/library/system.uri.urischemehttps(v=vs.110).aspx |
This comment has been minimized.
This comment has been minimized.
Also, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
How about asp.net web api?
a custom RequireHttpsAttribute that also takes into consideration the "X-Forwarded-Proto" Header is also needed.
Correct?