在本地测试时不应该使用 Https。我创建了自己的 Https 过滤器,它将忽略 localhost 中的所有本地流量,并且仅适用于登台和实时环境。您可以修改代码以满足您的需要。
public class RequireSSLAttribute : FilterAttribute, IAuthorizationFilter {
public virtual void OnAuthorization(AuthorizationContext filterContext) {
if(filterContext == null) {
throw new ArgumentNullException("filterContext");
}
if(!filterContext.HttpContext.Request.IsSecureConnection) {
HandleNonHttpsRequest(filterContext);
}
}
protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext) {
if(filterContext.HttpContext.Request.Url.Host.Contains("localhost")) return;
if(!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) {
throw new InvalidOperationException("The requested resource can only be accessed via SSL");
}
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
//ignore if the request is from a child action
if(!filterContext.IsChildAction) {
filterContext.Result = new RedirectResult(url);
}
}
}
这就是你使用它的方式......
[RequireSSL(Order=1), Authorize(Order=2)]
public PartialViewResult AccountHeader() {
blah...blah...
}