
Require SSL in WebApi?

Is there a way to require SSL for WebApi? An attribute?

I don't see an applicable attribute under System.Web.Http, something like the RequireHttps attribute we have for MVC. I'm just trying to avoid rolling my own attribute/message handler if there is a built-in solution.

EBarr asked Jun 29 '12 16:06



2 Answers

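using System;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class RequireHttpsAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Setting Response here short-circuits the pipeline, so the action never runs.
        if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
        {
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }
}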
The Light answered Oct 04 '22 11:10


You can use the RequireHttpsHandler from the WebAPIContrib project. Basically, all it does is check the incoming request URI scheme:

if (request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
    // Forbidden (or do a redirect)...
}

Alternately, Carlos Figueira has another implementation on his MSDN blog.

Teoman Soygul answered Oct 04 '22 11:10
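
The message-handler approach mentioned in the second answer, written out as an added example (not part of the original answers, and not the WebAPIContrib or Carlos Figueira code). The names `HttpsOnlyHandler` and `WebApiConfig` are hypothetical, `Task.FromResult` assumes .NET 4.5 or later, and the redirect assumes HTTPS is served on port 443.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Hypothetical handler name; registered globally so it runs before routing
// and no controller or action can be reached over plain HTTP by omission.
public class HttpsOnlyHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (request.RequestUri.Scheme == Uri.UriSchemeHttps)
        {
            return base.SendAsync(request, cancellationToken);
        }

        HttpResponseMessage response;
        if (request.Method == HttpMethod.Get || request.Method == HttpMethod.Head)
        {
            // Body-less methods: send the client to the same URL over HTTPS.
            var target = new UriBuilder(request.RequestUri)
            {
                Scheme = Uri.UriSchemeHttps,
                Port = 443 // assumption: HTTPS listens on the default port
            };
            response = new HttpResponseMessage(HttpStatusCode.Found);
            response.Headers.Location = target.Uri;
        }
        else
        {
            // The body and headers already crossed the wire in clear text,
            // so refuse outright; a redirect would suggest the request was acceptable.
            response = new HttpResponseMessage(HttpStatusCode.Forbidden)
            {
                ReasonPhrase = "HTTPS Required"
            };
        }
        response.RequestMessage = request;
        return Task.FromResult(response);
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MessageHandlers.Add(new HttpsOnlyHandler());
    }
}
```

Behind a TLS-terminating proxy or load balancer, `RequestUri.Scheme` reflects the proxy-to-server hop, so this check (like the attribute above) would reject every request in that deployment.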