Reputation: 3616
Using https endpoints for a subset of mvc 4 views
I am building a web solution using mvc 4 hosted on Azure. Coming from the winforms/wpf world, I realize there's a lot I don't know about web configuration. I'm also to be regarded an MVC novice, so I might be overlooking something obvious here...
In my azure web role I've configured two endpoints, one for http and one for https. What I want to achieve, is to have a set of public views / controllers bound to my http endpoint, and a set of ssl protected controllers bound to my https endpoint.
for example
https://www.mysite.com/account
I guess what I am looking for is a way to bind controllers to the configured endpoints, or if that is not possible, ensure that http://www.mysite.com/login is redirected to https://www.mysite.com/login, and vice versa for the unprotected controllers.
My solution also consists of a set of mvc 4 webapi controllers, and these are all ssl protected. If it is not possible to avoid exposing these on the http endpoint, I would like to respond with a http error code if someone were to attempt to access these on the unsecure endpoint.
I'm sure I can solve this programatically, but is there a clean way to solve this through configuration?
As a bonus, it would be cool to set it up like this too:
https://secure.mysite.com/login
I've achieved this by setting up two mvc 4 projects, defining two <Site>s in the service configuration file. However, I do not want to split this into two projects. Is this possible to achieve from some sort of configuration?
To give you something to work with, here's an excerpt of my ServiceConfiguration.csdef
<Sites>
<Site name="www" physicalDirectory="..\project1">
<Bindings>
<Binding name="HttpIn" endpointName="HttpIn" />
</Bindings>
</Site>
<Site name="api" physicalDirectory="..\project2">
<Bindings>
<Binding name="HttpsIn" endpointName="HttpsIn" hostHeader="secure.mysite.com" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="Certificate1" />
<InputEndpoint name="HttpIn" protocol="http" port="80" />
</Endpoints>
Upvotes: 2
Views: 1608
Answers (1)
Reputation: 24895
You would typically use the RequireHttpsAttribute for this (apply this to any controller or action you only want to make accessible through HTTPS, like the AccountController for example). Carlos Figueira also has an ASP.NET Web API implementation on his blog.
Upvotes: 1
Related Questions
- https on default ASP.NET MVC
- Https to Http rule rewrite Azure
- Asp.net MVC resolve Http/Https
- RequireHttps and routing to https URL
- MVC3 after [RequireHttps] how to ensure non https is used
- Azure Websites Custom SSL ASP.Net MVC Workaround
- asp.net mvc routes over https ssl
- mvc3 https & http
- MVC3: How can I route non-SSL requests automatically to the SSL protocol?
- Mixed http/https site