HTTPS - Mvc3 - Visual Studio 2010
I have a requirement that the site should always open in https mode (except for local development). This is an internal application.
When I run the site with web.config set to true for https, it looks like the site goes in a circular motion and repeats the request over and over.
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new HandleErrorAttribute());
//make sure that the remote site opens in https mode.
bool isSSL = false;
bool.TryParse(ConfigurationManager.AppSettings[ApplicationKeys.IsSSLRequired], out isSSL);
if (isSSL && !HttpContext.Current.Request.IsLocal && !HttpContext.Current.Request.IsSecureConnection)
filters.Add(new RequireHttpsAttribute());
}
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
RegisterGlobalFilters(GlobalFilters.Filters);
RegisterRoutes(RouteTable.Routes);
//RouteDebug.RouteDebugger.RewriteRoutesForTesting(RouteTable.Routes);
//wire up Unity IoC
container = new UnityContainer();
UnityBootstrapper.ConfigureContainer(container);
EntityMapper.MapEntities();
DependencyResolver.SetResolver(new UnityDependencyResolver(container));
//wire up Unity Controller Factory
ControllerBuilder.Current.SetControllerFactory(new UnityControllerFactory());
}
What am I missing here?
+3
source to share
4 answers
Since you are already using web.config to manage this functionality, I suggest you use URL Rewrite .
You can configure a rule to redirect non-HTTPS traffic to HTTPS. See this thread for configuration:
http://forums.iis.net/t/1149780.aspx
Using this, you can further improve your development experience by using web.config transforms to include a rule when deploying to your production environment.
+2
source to share
In your Global.asax:
protected void Application_BeginRequest()
{
bool isSSL = false;
bool.TryParse(ConfigurationManager.AppSettings[ApplicationKeys.IsSSLRequired], out isSSL);
if (isSSL && !Context.Request.IsSecureConnection)
Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}
0
source to share