Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I do the OPPOSITE of [RequireHttps(Redirect=true)] in ASP.NET MVC

I know the easy way to get to an SSL page in ASP.NET MVC - via the [RequireSSL] attribute but I'm a little confused to the best way to do the opposite.

I have many links on my site in a header bar and most of those links don't require SSL and I don't want to still use SSL.

The futures project makes it very easy to redirect automatically to an SSL page with [RequireSSL(Redirect=true)], but it doesnt seem to make it easy to get out of this context and automatically redirect back to http.

What am I missing?

like image 864
Simon_Weaver Avatar asked Jul 21 '09 09:07

Simon_Weaver


2 Answers

You're not missing anything; there is no out-of-the-box functionality for this. You can easily create your own by taking the RequireSslAttribute source and modifying it.

like image 137
Levi Avatar answered Sep 28 '22 09:09

Levi


Answer from a dupe question elsewhere:

How to step out from https to http mode in asp.net mvc.

CAUTION: If choosing to use this approach your auth cookie will be sent over plain text after switching back to HTTP, and can potentially be stolen and used by someone else. See this. In other words - if you were using this for a bank site you would need to make sure that switching to http would first log the user out.

public class DoesNotRequireSSL: ActionFilterAttribute 
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext) 
        {
                var request = filterContext.HttpContext.Request;
                var response = filterContext.HttpContext.Response;

                if (request.IsSecureConnection && !request.IsLocal) 
                {
                string redirectUrl = request.Url.ToString().Replace("https:", "http:");
                response.Redirect(redirectUrl);
                }
                base.OnActionExecuting(filterContext);
        }
    }
like image 43
Simon_Weaver Avatar answered Sep 28 '22 08:09

Simon_Weaver