stackoom
  简体   繁体   中英

Redirecting from http to https on SecureConnection is unable to pass values in POST request. How can I preserve them?

 原文  2016-01-05 15:08:01       c#/ asp.net/ iis/ https/ http-post

Question

In my project, I have an .ashx page which accepts POST requests from outside, and collects a string variable by using this code: 

string infoPost = httpRequest["infoPost"].ToString();

This code works perfectly on my local, or an IIS server.

The problem started when I published it to an IIS server which I dont have control over it. Somehow the object was coming empty and I was getting "Object reference not set to an instance of an object." error on this code.

I did a bit of research, and found out that the SecureConnection setting is causing the problem. IIS server converts all "http" requests to "https", but it loses infoPost variable while doing that. I tested this idea by calling this page with "https" directly, and this time the code worked perfectly, and I grabbed the posted string.

But I dont want hardcoded job. I tried to understand if the website set as a secureconnection or not by using this code: 

 string strSecure = "http://";
 if (HttpContext.Current.Request.IsSecureConnection)
     strSecure = "https://";

Again, this code worked well on my local, but doesn't work on the IIS I mentioned.

Sorry for the long explanation, here are my questions in simple:

  • When IIS somehow redirects http requests to https, it is unable to pass the parameters inside the POST. Is it true? How can I prevent it?
  • I want to understand if a website is published on SecureConnection or not, but seems like "HttpContext.Current.Request.IsSecureConnection" code doesn't work on IIS. Is my assumption correct? Is there any other way to understand and decide which tag I should be using, (http or https)?

1 answers

solution1
 1 ACCPTED  2016-01-05 15:17:58

You don't want POSTed values to redirect from http to https, that would be a security hole. The purpose of this feature is to force you to confront whatever it is in the application that is POSTing values in clear-text, because they are being exposed before the redirect ever happens.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question NameResolutionFailure with HTTP Post Request. How to change from a HTTP POST request to HTTPS POST request? How to fill values in dictionary and pass them from view to POST How can I preserve the url (with the querystring) after an Http Post but also add an error to the Model State? How do I retrieve body values from an HTTP POST request in an ASP.NET Web API ValueProvider? In C# how can I send data from SQL Server to a HTTP request using the POST method? How can I access parameters from a POST (or other HTTP) request in a C# server? How can a pass a body with my POST and DELETE request using Http Web Request How can I pass a string to a post request in Angular? How can I access the certificate(.pfx) attached to https post request from postman, inside a controller in dotnet core web api 3.0?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM