CODEWITHSUNDEEP
asp.net-mvc-3https
learning...
learning...

Reputation: 3174

HTTPS - Mvc3 - Visual Studio 2010

I have a requirement where the site needs to allways open in https mode (other than local development). This is internal app.

When i run the site with web.config entry to true for https, it looks like the site goes into circular motion and repeats the request again and again.

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());

        //make sure that the remote site opens in https mode.
        bool isSSL = false;
        bool.TryParse(ConfigurationManager.AppSettings[ApplicationKeys.IsSSLRequired], out isSSL);
        if (isSSL && !HttpContext.Current.Request.IsLocal && !HttpContext.Current.Request.IsSecureConnection)
            filters.Add(new RequireHttpsAttribute());

    }
protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();

        RegisterGlobalFilters(GlobalFilters.Filters);
        RegisterRoutes(RouteTable.Routes);
        //RouteDebug.RouteDebugger.RewriteRoutesForTesting(RouteTable.Routes);

        //wire up Unity IoC
        container = new UnityContainer();
        UnityBootstrapper.ConfigureContainer(container);
        EntityMapper.MapEntities();
        DependencyResolver.SetResolver(new UnityDependencyResolver(container));
        //wire up Unity Controller Factory
        ControllerBuilder.Current.SetControllerFactory(new UnityControllerFactory());
    }

What am i missing here?

Upvotes: 3

Views: 617

Answers (4)

Duncan Gravill
Duncan Gravill

Reputation: 4672

Just a thought. Is HttpContext.Current.Request available at Application_Start() ?

Upvotes: 0

Dmitry Efimenko
Dmitry Efimenko

Reputation: 11203

In your Global.asax:

protected void Application_BeginRequest()
{
    bool isSSL = false;
    bool.TryParse(ConfigurationManager.AppSettings[ApplicationKeys.IsSSLRequired], out isSSL);
    if (isSSL && !Context.Request.IsSecureConnection)
        Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}

Upvotes: 0

David Peden
David Peden

Reputation: 18424

Since you're already leveraging web.config to drive this functionality, I would suggest that you utilize URL Rewrite.

You can set up a rule to redirect non-HTTPS traffic to HTTPS. See this thread for the configuration:

http://forums.iis.net/t/1149780.aspx

With that in place, you can further improve your development experience by leveraging web.config transformations to enable the rule when you deploy to your production environment.

Upvotes: 2

Darin Dimitrov
Darin Dimitrov

Reputation: 1038720

You could use IIS Express which supports SSL to host your site.

Upvotes: 2

Related Questions