How do I go about using HTTPS for some of the pages in my ASP.NET MVC based site?
Steve Sanderson has a pretty good tutorial on how to do this in a DRY way on Preview 4 at:
http://blog.codeville.net/2008/08/05/adding-httpsssl-support-to-aspnet-mvc-routing/
Is there a better / updated way with Preview 5?,
SSL Client Certificates. SSL provides authentication by using Public Key Infrastructure certificates. The server must provide a certificate that authenticates the server to the client. It is less common for the client to provide a certificate to the server, but this is one option for authenticating clients.
If you add a plain ASPX page to an ASP.NET MVC project, well, it just works like a charm without any changes to the configuration. If you invoke the ASPX page, the ASPX page is processed with viewstate and postbacks.
MVC provides a lot of infrastructure support for Forms Authentication. Forms authentication is highly customizable, you can customize everything from the sign in form, to where the credentials are stored and how those credentials are validated. Forms Authentication in ASP.NET relies on cookies by default.
ASP.NET MVC is no longer in active development. The last version update was in November 2018. Despite this, a lot of projects are using ASP.NET MVC for web solution development. As to JetBrains' research, 42% of software developers were using the framework in 2020.
If you are using ASP.NET MVC 2 Preview 2 or higher, you can now simply use:
[RequireHttps] public ActionResult Login() { return View(); }
Though, the order parameter is worth noting, as mentioned here.
MVCFutures has a 'RequireSSL' attribute.
(thanks Adam for pointing that out in your updated blogpost)
Just apply it to your action method, with 'Redirect=true' if you want an http:// request to automatically become https:// :
[RequireSsl(Redirect = true)]
See also: ASP.NET MVC RequireHttps in Production Only
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With