Check for SSL when hosted in Rackspace (Mosso) Cloud
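I am using Request.IsSecureConnection to check for SSL and redirect where appropriate. When running my ASP.NET website on Rackspace's cloud, the server runs behind an SSL cluster, so IsSecureConnection will always return false. The same goes for checking whether the URL contains "https://" (always false), checking the port, and so on. So the website gets stuck in a big redirect loop.
Is there another way to check for SSL and redirect where appropriate? Has anyone actually done this on Rackspace's cloud?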
Public Class SecurityAwarePage
    Inherits Page

    Private _requireSSL As Boolean = False

    Public Property RequireSSL() As Boolean
        Get
            Return _requireSSL
        End Get
        Set(ByVal value As Boolean)
            _requireSSL = value
        End Set
    End Property

    Private ReadOnly Property IsSecure() As Boolean
        Get
            Return Request.IsSecureConnection
        End Get
    End Property

    Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
        MyBase.OnInit(e)
        PushSSL()
    End Sub

    Private Sub PushSSL()
        Const SECURE As String = "https://"
        Const UNSECURE As String = "http://"
        If RequireSSL AndAlso Not IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(UNSECURE, SECURE))
        ElseIf Not RequireSSL AndAlso IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(SECURE, UNSECURE))
        End If
    End Sub
End Class
Although it is difficult to check whether SSL is engaged, a way around the problem is to force SSL.
You can rewrite URLs in web.config:
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
            <add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
You can force SSL in ASP.NET:
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<script runat="server">
    protected void Page_Load(object sender, System.EventArgs e)
    {
        if (Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
        {
            if (Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null)
            {
                string xredir__, xqstr__;
                xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
                xredir__ += Request.ServerVariables["SCRIPT_NAME"];
                xqstr__ = Request.ServerVariables["QUERY_STRING"];
                if (xqstr__ != "")
                    xredir__ = xredir__ + "?" + xqstr__;
                Response.Redirect(xredir__);
            }
        }
        Response.Write("SSL Only");
    }
</script>
<html>
<head id="Head1" runat="server">
    <title>SSL Only</title>
</head>
<body>
</body>
</html>
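I ran into the same problem with Rackspace Cloud and ended up solving it by manually implementing a Request.IsSecureConnection() extension method and replacing the framework's RequireHttpsAttribute with my own. Hopefully someone else will find this useful as well.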
using System;
using System.Web;
using System.Web.Mvc;

/// <summary>
/// Replaces framework-provided RequireHttpsAttribute to disable SSL requirement for local requests
/// and properly enforce SSL requirement when used with Rackspace Cloud's load balancer
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext) {
        if (filterContext == null) {
            throw new ArgumentNullException("filterContext");
        }
        // Requests from the local machine are exempt from the SSL requirement.
        if (filterContext.HttpContext.Request.IsLocal)
            return;
        if (!filterContext.HttpContext.Request.IsSecureConnection()) {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext) {
        // only redirect for GET requests, otherwise the browser might not propagate the verb and request
        // body correctly.
        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) {
            throw new InvalidOperationException("The requested resource can only be accessed via SSL.");
        }
        // redirect to HTTPS version of page
        string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}

public static class Extensions {
    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud's load balancer
    /// </summary>
    /// <param name="request"></param>
    /// <returns></returns>
    public static bool IsSecureConnection(this HttpRequestBase request) {
        const string rackspaceSslVar = "HTTP_CLUSTER_HTTPS";
        // Only the value "on" counts as HTTPS. The previous "!= null || == on" test
        // was true for any value of the variable, including ones other than "on".
        return (request.IsSecureConnection || request.ServerVariables[rackspaceSslVar] == "on");
    }

    /// <summary>
    /// Gets a value which indicates whether the HTTP connection uses secure sockets (HTTPS protocol). Works with Rackspace Cloud's load balancer
    /// </summary>
    /// <param name="request"></param>
    /// <returns></returns>
    public static bool IsSecureConnection(this HttpRequest request) {
        const string rackspaceSslVar = "HTTP_CLUSTER_HTTPS";
        // Same check as the HttpRequestBase overload: require the exact value "on".
        return (request.IsSecureConnection || request.ServerVariables[rackspaceSslVar] == "on");
    }
}
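
A stricter variant of the check used in the answers above, added here as an example and not code from the original posts. ServerVariables entries prefixed with HTTP_ are request headers, so HTTP_CLUSTER_HTTPS says something about the connection only when the request actually arrived from the load balancer. The class name ClusterHttps, its methods and the TrustedProxies addresses are hypothetical, and it assumes REMOTE_ADDR is the load balancer's address.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web;

public static class ClusterHttps
{
    // Hypothetical, constructed addresses: replace with the load balancers
    // that terminate TLS in front of this application.
    private static readonly HashSet<IPAddress> TrustedProxies = new HashSet<IPAddress>
    {
        IPAddress.Parse("192.0.2.10"),
        IPAddress.Parse("192.0.2.11")
    };

    // Pure decision function, kept free of HttpContext so it can be unit tested.
    public static bool IsHttps(bool isSecureConnection, string remoteAddr, string clusterHttps)
    {
        if (isSecureConnection)
            return true; // TLS terminated on this server

        // HTTP_CLUSTER_HTTPS is the Cluster-Https request header, so honour it
        // only when the TCP peer is a known load balancer. Unparseable or
        // unknown peers fail closed and are treated as plain HTTP.
        IPAddress peer;
        if (!IPAddress.TryParse(remoteAddr ?? string.Empty, out peer) || !TrustedProxies.Contains(peer))
            return false;

        // Exact match: "off", "0" or an empty value must not count as HTTPS.
        return string.Equals(clusterHttps, "on", StringComparison.OrdinalIgnoreCase);
    }

    public static bool IsHttps(HttpRequestBase request)
    {
        return IsHttps(request.IsSecureConnection,
                       request.ServerVariables["REMOTE_ADDR"],
                       request.ServerVariables["HTTP_CLUSTER_HTTPS"]);
    }

    // Redirect target that keeps the path and query string (RawUrl) and takes
    // the host without its port, so :80 is never carried into the https:// URL.
    public static string HttpsUrl(HttpRequestBase request)
    {
        return "https://" + request.Url.Host + request.RawUrl;
    }
}
```

Redirect only when IsHttps returns false, and never redirect back to http:// based on the same signal, which is what produces the loop described in the question.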