Click here to Skip to main content
15,867,568 members
Home / Discussions / ASP.NET
   

ASP.NET

 
AnswerRe: HTTP Error 500.19 - Internal Server Error Pin
F-ES Sitecore21-Jun-17 22:41
professionalF-ES Sitecore21-Jun-17 22:41 
GeneralRe: HTTP Error 500.19 - Internal Server Error Pin
indian14322-Jun-17 7:38
indian14322-Jun-17 7:38 
AnswerRe: HTTP Error 500.19 - Internal Server Error Pin
Richard Deeming22-Jun-17 1:25
mveRichard Deeming22-Jun-17 1:25 
QuestionPosting the same form on 10 pages to a single action on a controller Pin
jkirkerx21-Jun-17 7:36
professionaljkirkerx21-Jun-17 7:36 
AnswerRe: Posting the same form on 10 pages to a single action on a controller Pin
Richard Deeming21-Jun-17 8:59
mveRichard Deeming21-Jun-17 8:59 
GeneralRe: Posting the same form on 10 pages to a single action on a controller Pin
jkirkerx22-Jun-17 12:56
professionaljkirkerx22-Jun-17 12:56 
QuestionMVC controller attribute to select SSL for individual pages, manually select, force SSL off Pin
jkirkerx19-Jun-17 11:29
professionaljkirkerx19-Jun-17 11:29 
AnswerRe: MVC controller attribute to select SSL for individual pages, manually select, force SSL off Pin
Richard Deeming19-Jun-17 11:48
mveRichard Deeming19-Jun-17 11:48 
I'm not sure why you'd only want part of your site to be served over HTTPS. If you already have a certificate set up, why not serve the whole thing over HTTPS, and be more secure by default? Confused | :confused:

The reason we don’t have a [RequireHttp] attribute in MVC is that there’s not really much benefit to it. It’s not as interesting as [RequireHttps], and it encourages users to do the wrong thing. For example, many web sites log in via SSL and redirect back to HTTP after you’re logged in, which is absolutely the wrong thing to do. Your login cookie is just as secret as your username + password, and now you’re sending it in cleartext across the wire. Besides, you’ve already taken the time to perform the handshake and secure the channel (which is the bulk of what makes HTTPS slower than HTTP) before the MVC pipeline is run, so [RequireHttp] won’t make the current request or future requests much faster.


If you really feel like making parts of your site less secure, you'll need to write your own filter attribute. It's not difficult - you just need to modify the RequireHttpsAttribute[^] to redirect to HTTP instead of HTTPS.
C#
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null) throw new ArgumentNullException(nameof(filterContext));

        if (filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleHttpsRequest(AuthorizationContext filterContext)
    {
        // only redirect for GET requests, otherwise the browser might not propagate the verb and request body correctly.

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException();
        }

        // redirect to HTTP version of page
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}




"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer


GeneralRe: MVC controller attribute to select SSL for individual pages, manually select, force SSL off Pin
jkirkerx19-Jun-17 12:22
professionaljkirkerx19-Jun-17 12:22 
GeneralRe: MVC controller attribute to select SSL for individual pages, manually select, force SSL off Pin
jkirkerx20-Jun-17 13:02
professionaljkirkerx20-Jun-17 13:02 
QuestionShould a REST API return exception in response body? Pin
Bastien Vandamme19-Jun-17 1:58
Bastien Vandamme19-Jun-17 1:58 
AnswerRe: Should a REST API return exception in response body? Pin
John C Rayan19-Jun-17 3:21
professionalJohn C Rayan19-Jun-17 3:21 
QuestionHow to save HTML Table to database Pin
Member 1053560718-Jun-17 9:24
Member 1053560718-Jun-17 9:24 
AnswerRe: How to save HTML Table to database Pin
User 418025418-Jun-17 14:45
User 418025418-Jun-17 14:45 
AnswerRe: How to save HTML Table to database Pin
John C Rayan19-Jun-17 3:23
professionalJohn C Rayan19-Jun-17 3:23 
QuestionHtml helper in c# mvc app Pin
e$heldon17-Jun-17 15:10
e$heldon17-Jun-17 15:10 
AnswerRe: Html helper in c# mvc app Pin
User 418025418-Jun-17 14:47
User 418025418-Jun-17 14:47 
GeneralRe: Html helper in c# mvc app Pin
e$heldon19-Jun-17 9:10
e$heldon19-Jun-17 9:10 
AnswerRe: Html helper in c# mvc app Pin
John C Rayan19-Jun-17 3:26
professionalJohn C Rayan19-Jun-17 3:26 
GeneralRe: Html helper in c# mvc app Pin
e$heldon19-Jun-17 9:13
e$heldon19-Jun-17 9:13 
QuestionCall Default View From Controller Pin
Kevin Marois16-Jun-17 7:57
professionalKevin Marois16-Jun-17 7:57 
AnswerRe: Call Default View From Controller Pin
Richard Deeming16-Jun-17 8:40
mveRichard Deeming16-Jun-17 8:40 
GeneralRe: Call Default View From Controller Pin
Kevin Marois16-Jun-17 9:14
professionalKevin Marois16-Jun-17 9:14 
GeneralRe: Call Default View From Controller Pin
Kevin Marois19-Jun-17 4:03
professionalKevin Marois19-Jun-17 4:03 
QuestionTrying to save some values from html to Database by using the WebApi HttpPost method Pin
indian14316-Jun-17 7:53
indian14316-Jun-17 7:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.