文章/答案/技术大牛

发布

社区首页 >问答首页 >RequireSSL在包含查询字符串的Url上失败

问RequireSSL在包含查询字符串的Url上失败
EN

Stack Overflow用户

提问于 2009-10-31 20:59:36

回答 2查看 532关注 0票数 1

我使用这段代码，它取自MVC futures，并将属性RequireSsl附加到一个操作上。它适用于像http://localhost/de/Account/Login这样的简单Url，但是如果我有一个查询字符串，那么问号就会被编码，请求就会失败。

http://localhost/de/Account/Login?test=omg重定向到https://localhost/de/Account/Login%3Ftest=omg。有人把它修好了吗？

 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
    public RequireSslAttribute()
    {
        Redirect = true;
    }

    public bool Redirect { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        //Validate.IsNotNull(filterContext, "filterContext");

        if (!Configuration.EnableSSL) return;

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            // request is not SSL-protected, so throw or redirect
            if (Redirect)
            {
                // form new URL
                UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    // use the RawUrl since it works with URL Rewriting
                    Path = filterContext.HttpContext.Request.RawUrl
                };
                filterContext.Result = new RedirectResult(builder.ToString());
            }
            else
            {
                throw new HttpException((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
            }
        }
    }


}

asp.net-mvc

ssl

回答 2

Stack Overflow用户

回答已采纳

发布于 2009-11-01 23:36:22

我变了

 UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    // use the RawUrl since it works with URL Rewriting
                    Path = filterContext.HttpContext.Request.RawUrl
                };

至

                    UriBuilder builder = new UriBuilder
                {
                    Scheme = "https",
                    Host = filterContext.HttpContext.Request.Url.Host,
                    Path = filterContext.HttpContext.Request.Url.LocalPath,
                    Query = filterContext.HttpContext.Request.Url.PathAndQuery

                };

我现在不使用UrlRewriting，这就是为什么我猜这对我来说是安全的。

票数 1

Stack Overflow用户

发布于 2009-12-09 04:47:37

UriBuilder builder = new UriBuilder
{
    Scheme = "https",
    Host = filterContext.HttpContext.Request.Url.Host,
    Path = filterContext.HttpContext.Request.Path,
    Query = filterContext.HttpContext.Request.QueryString.ToString ()
};

票数 1

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/1654320

复制

相似问题

问RequireSSL在包含查询字符串的Url上失败
EN

回答 2

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问RequireSSL在包含查询字符串的Url上失败EN

回答 2

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问RequireSSL在包含查询字符串的Url上失败
EN