Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

asp.net c# redirecting from http to https

So in my code I want to detect if my login page is being called http, and redirect it to https.

I know there are non code ways to skin this cat, but for frustrating technical reasosn I'm backed into doing it in code.

            if (!Request.IsSecureConnection)             {                 string redirectUrl = Request.Url.ToString().Replace("http:", "https:");                 Response.Redirect(redirectUrl);             } 

So I drop this in my Page_Load(...), make sure my debugger uses real IIS, not VS2008s IIS, and hit debug.

Inthe debugger, waltz along, hit Response.Redirect("https://localhost/StudentPortal3G/AccessControl/AdLogin.aspx"), hit f5.

Get "Internet Explorere Cannot Display the webpage, url is HTTP, not HTTPS. Not getting an informative error... same thing happens not running in the debugger.

So what am I missing? it does not appear to be rocket science, I've seen similar code on lots of blogs...

What am I doing wrong? I figure it has to be a totally obvious Rookie mistake, but I'm not seeing it.

like image 503
Eric Brown - Cal Avatar asked Mar 14 '11 22:03

Eric Brown - Cal


People also ask

What is ASP.NET C?

ASP.NET is a web application framework developed and marketed by Microsoft to allow programmers to build dynamic web sites. It allows you to use a full featured programming language such as C# or VB.NET to build web applications easily.

Is ASP.NET like C#?

ASP.NET is a web application development framework used to develop web applications using different back-end programming languages like C# where C# is used as an object-oriented programming language to develop web applications along with ASP.NET.

Can I use .NET with C?

. NET Framework is an object oriented programming framework meant to be used with languages that it provides bindings for. Since C is not an object oriented language it wouldn't make sense to use it with the framework.

Is C and .NET same?

C# is a programming language, . NET is a blanket term that tends to cover both the . NET Framework (an application framework library) and the Common Language Runtime which is the runtime in which . NET assemblies are run.


2 Answers

I'd do a !Request.IsLocal as well to make sure that I'm not debugging, though if you're using a real instance of IIS with a cert applied when debugging that shouldn't be an issue.

if (!Request.IsLocal && !Request.IsSecureConnection) {     string redirectUrl = Request.Url.ToString().Replace("http:", "https:");     Response.Redirect(redirectUrl, false);     HttpContext.ApplicationInstance.CompleteRequest(); } 

Note: This answer assumes an MVC context within a Controller where HttpContext is a property holding the current context. If you're unlucky enough to still be using WebForms or are referencing the context in a degenerate way you will need to use HttpContext.Current.ApplicationInstance.CompleteRequest().

Note: I've updated this to be consistent with the recommended pattern to terminate the request according to the framework documentation.

When you use this method in a page handler to terminate a request for one page and start a new request for another page, set endResponse to false and then call the CompleteRequest method. If you specify true for the endResponse parameter, this method calls the End method for the original request, which throws a ThreadAbortException exception when it completes. This exception has a detrimental effect on Web application performance, which is why passing false for the endResponse parameter is recommended. For more information, see the End method.

like image 109
tvanfosson Avatar answered Oct 10 '22 05:10

tvanfosson


I usually call the following from the OnPreInit in a base class that all my pages inherit from. Of course, you could just do this in every page...but you wouldn't want to do that now would you?

Note that I've got two properties for each page so that I can specify the SSL requirement for each page (RequiresSSL) while I can also override and redirect check if I want (with IgnoreRequiresSSL, which is helpful for pages like error pages that you rewrite to and don't know whether they'll be encrypted or not), but of course, you can remove these for simple setups.

    protected override void OnPreInit(EventArgs e)     {         base.OnPreInit(e);          if (!IsPostBack)             RedirectAccordingToRequiresSSL();          ...     }      /// <summary>     /// Redirect if necessary to ssl or non-ssl enabled URL dependant on RequiresSSL property setting.     /// </summary>     private void RedirectAccordingToRequiresSSL()     {         if (IgnoreRequiresSSL) return;          if (RequiresSSL)         {             if (!Request.IsSecureConnection) // Need to redirect to https                 RedirectAccordingToRequiresSSL(Uri.UriSchemeHttps);         }         else if (Request.IsSecureConnection)         {             RedirectAccordingToRequiresSSL(Uri.UriSchemeHttp);         }          // Otherwise don't need to do any redirecting as already using the correct scheme     }      /// <summary>     /// Redirect as requested to specified scheme     /// </summary>     /// <param name="scheme"></param>     private void RedirectAccordingToRequiresSSL(string scheme)     {         var url = scheme + Uri.SchemeDelimiter + Request.Url.Authority + Request.Url.PathAndQuery;         Response.Redirect(url, false);     } 
like image 41
Ted Avatar answered Oct 10 '22 06:10

Ted