Menu
I know the easy way to get to an SSL page in ASP.NET MVC - via the [RequireSSL] attribute but I'm a little confused to the best way to do the opposite.
I have many links on my site in a header bar and most of those links don't require SSL and I don't want to still use SSL.
The futures project makes it very easy to redirect automatically to an SSL page with [RequireSSL(Redirect=true)], but it doesnt seem to make it easy to get out of this context and automatically redirect back to http.
What am I missing?
864
You're not missing anything; there is no out-of-the-box functionality for this. You can easily create your own by taking the RequireSslAttribute source and modifying it.
137
Answer from a dupe question elsewhere:
How to step out from https to http mode in asp.net mvc.
CAUTION: If choosing to use this approach your auth cookie will be sent over plain text after switching back to HTTP, and can potentially be stolen and used by someone else. See this. In other words - if you were using this for a bank site you would need to make sure that switching to http would first log the user out.
public class DoesNotRequireSSL: ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var request = filterContext.HttpContext.Request;
var response = filterContext.HttpContext.Response;
if (request.IsSecureConnection && !request.IsLocal)
{
string redirectUrl = request.Url.ToString().Replace("https:", "http:");
response.Redirect(redirectUrl);
}
base.OnActionExecuting(filterContext);
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With