7

一旦您[RequireHttps]执行操作并且用户从 HTTP 切换到 HTTPS,所有后续链接都将保持 HTTPS...

有没有办法切换回 HTTP ?

4

3 回答 3

6

从技术上讲,你可以做到

您可以查看其来源并将RequireHttpsAttribute其反转。

在实践中,您可能不应该

如果会话仍然存在,通常不建议返回 HTTP。这可能是各种攻击的基础,例如会话劫持

于 2012-02-20T22:22:00.883 回答
2

在此链接上有一个非常详细的描述,关于如何处理从 HTTPS 切换回 HTTP 的特定操作方法

http://blog.clicktricity.com/2010/03/switching-to-https-and-back-to-http-in-asp-net-mvc/

于 2012-02-20T22:15:51.367 回答
1

这是我使用的“ExitHttpsIfNotRequired”属性:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class RetainHttpsAttribute : Attribute
{
}

public class ExitHttpsIfNotRequiredAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Abort if it's not a secure connection  
        if (!filterContext.HttpContext.Request.IsSecureConnection) return;

        if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "sdsd") return;

        // Abort if it's a child controller
        if (filterContext.IsChildAction) return;

        // Abort if a [RequireHttps] attribute is applied to controller or action  
        if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
        if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;

        // Abort if a [RetainHttps] attribute is applied to controller or action  
        if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
        if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;

        // Abort if it's not a GET request - we don't want to be redirecting on a form post  
        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) return;

        // Abort if the error controller is being called - we may wish to display the error within a https page
        if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "Error") return;

        // No problems - redirect to HTTP
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}
于 2013-11-24T16:13:02.690 回答