Using SSL in ASP.NET MVC should be no different than a regular WebForm. Even in WebForms, you should not generate fully qualified links internal to your app. Instead, just make sure that when someone comes to your site, that the protocol is "https".
You could probably write an action filter to do this. The filter would check the current full request for the "https" protocol. If it's not there, it would redirect to the same URL, but change the protocol.
Good luck.
Phil Haack (http://haacked.com/)
Senior Program Manager, Microsoft
What wouldn’t you do for a Klondike bar?
Marked as answer by ricka6 on Oct 03, 2009 12:30 AM
Are you suggesting to put relative link from ProductA page (Unsecure) to BuyProductA?
Eg: On the ProductA (HTTP) page add a link to BuyProductA (HTTP) and then redirect to HTTPS?
The page should check the protocol anyway. But:
Why should we do the redirect if it is well known that the page should be loaded via SSL?
Why not to generate the correct link from Routing? How?
I think that's what Nbear asks.
You may also need to insert "www."; let me explain.
It depends on what type of certificate you have purchased:
single site or wildcard.
Wildcard certificates tend to be more expensive AFAIK.
Also, AFAIK, wildcard certificates may cause a performance hit.
single site looks like this: www.haack.edu
wildcard looks like this *.haack.edu
and works for www.haack.edu,
phil.haack.edu,
notphil.haack.edu,
et cetera
Therefore, if your certificate is a single site certificate,
and the URL is http://haack.edu
you will need to create https://www.haack.edu
because https://haack.edu will likely generate a
"There is a problem with this website's security certificate" message.
In fact, the security certificate is valid but the URL is missing the www. part.
[This happens because the single site security certificate requires an exact URL.]
Regards,
Gerry (Lowry)
B-) Please help me by completing my school survey about computer programmers on my website. Thank you!!! Gerry Lowry +1 705-429-7550 wasaga beach, ontario, canada
Nbear
Member
2 Points
3 Posts
How to use SSL in asp.net mvc?
May 13, 2008 01:50 AM|LINK
I want to use the ssl in asp.net mvc,but I found the asp.net mvc framework can only use the virtual path.
I want to extend the mothods.
Would you like modify it with me?
Haacked
Contributor
6901 Points
412 Posts
Re: How to use SSL in asp.net mvc?
May 13, 2008 04:21 PM|LINK
Using SSL in ASP.NET MVC should be no different than a regular WebForm. Even in WebForms, you should not generate fully qualified links internal to your app. Instead, just make sure that when someone comes to your site, that the protocol is "https".
You could probably write an action filter to do this. The filter would check the current full request for the "https" protocol. If it's not there, it would redirect to the same URL, but change the protocol.
Good luck.
Senior Program Manager, Microsoft
What wouldn’t you do for a Klondike bar?
nagir
Member
162 Points
184 Posts
Re: How to use SSL in asp.net mvc?
May 14, 2008 12:58 AM|LINK
Hi Phil,
Are you suggesting to put relative link from ProductA page (Unsecure) to BuyProductA?
Eg: On the ProductA (HTTP) page add a link to BuyProductA (HTTP) and then redirect to HTTPS?
The page should check the protocol anyway. But:
Why should we do the redirect if it is well known that the page should be loaded via SSL?
Why not to generate the correct link from Routing? How?
I think that's what Nbear asks.
Cheers,
Dmitriy.
Nbear
Member
2 Points
3 Posts
Re: How to use SSL in asp.net mvc?
May 14, 2008 02:10 PM|LINK
Yes, I want to resolve the issue how to generate the correct link,
I want to generate the http:// or https:// according the parameter.Eg: isSSLRequest.
so ,It needs overwrite many methods.
Zygimantas
Member
14 Points
4 Posts
Re: How to use SSL in asp.net mvc?
May 14, 2008 09:05 PM|LINK
For example, sample implementation could be:
public class SecureConnectionAttribute : ActionFilterAttribute { public System.Boolean IsRequired { get; set; } public override void OnActionExecuting(ActionExecutingContext filterContext) { if (this.IsRequired && filterContext.HttpContext.Request.Url.Scheme != "https") { filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace("http", "https"), true); filterContext.Cancel = true; } } public SecureConnectionAttribute() { this.IsRequired = true; } }DanAtkinson
Member
17 Points
11 Posts
Re: How to use SSL in asp.net mvc?
Oct 02, 2009 09:50 AM|LINK
Please note that, because ASP.NET MVC v1.0 no longer has the Cancel property, that line 10 in the previous example should read
public class SecureConnectionAttribute : ActionFilterAttribute { public Boolean IsRequired { get; set; } public override void OnActionExecuting(ActionExecutingContext filterContext) { if (this.IsRequired && filterContext.HttpContext.Request.Url.Scheme != "https") { filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace("http", "https"), true); filterContext.Result = new HttpUnauthorizedResult(); } } public SecureConnectionAttribute() { this.IsRequired = true; } }Terry-Liang
Member
2 Points
1 Post
Re: How to use SSL in asp.net mvc?
Oct 10, 2009 08:18 AM|LINK
Thanks everyone.
Two methods in my static class that I useed,I share with my firends,I think it can help my firends.
public static string ToSslUrl(this string text)
{
return ToFullyUrl(text).Replace("http:", "https:");
}
public static string ToMvcUrl(this string text)
{
return ToFullyUrl(text).Replace("https:", "http:");
}
public static string ToFullyUrl(this string text)
{
var oldUrl = text;
if (oldUrl.ToLower().StartsWith("http"))
return oldUrl;
var oldUrlArray = (oldUrl.Contains("?") ? oldUrl.Split('?') : new[] { oldUrl, "" });
var requestUri = HttpContext.Current.Request.Url;
var localPathAndQuery = requestUri.LocalPath + requestUri.Query;
var urlBase = requestUri.AbsoluteUri.Substring(0, requestUri.AbsoluteUri.Length - localPathAndQuery.Length);
var newUrl = VirtualPathUtility.ToAbsolute(oldUrlArray[0]);
if (!string.IsNullOrEmpty(oldUrlArray[1]))
newUrl += "?" + oldUrlArray[1];
return urlBase + newUrl;
}
gerrylowry
All-Star
20577 Points
5721 Posts
Re: How to use SSL in asp.net mvc?
Oct 11, 2009 03:41 AM|LINK
You may also need to insert "www."; let me explain.
It depends on what type of certificate you have purchased:
single site or wildcard.
Wildcard certificates tend to be more expensive AFAIK.
Also, AFAIK, wildcard certificates may cause a performance hit.
single site looks like this: www.haack.edu
wildcard looks like this *.haack.edu
and works for www.haack.edu,
phil.haack.edu,
notphil.haack.edu,
et cetera
Therefore, if your certificate is a single site certificate,
and the URL is http://haack.edu
you will need to create https://www.haack.edu
because https://haack.edu will likely generate a
"There is a problem with this website's security certificate" message.
In fact, the security certificate is valid but the URL is missing the www. part.
[This happens because the single site security certificate requires an exact URL.]
Regards,
Gerry (Lowry)