I'm trying to build a web application that uses an SSL connection. So I did some research and found out that I could use the RequireHttpsAttribute class to achieve what I needed. Thing is that when I use it, the execution of the application results in an 310 error(too many redirections). I even built a custom class to handle the switch from http to https. But that too results in an error.
My Class to handle te protocol switch:
Public Class RequireSSLAttribute
Inherits ActionFilterAttribute
Public Property IsRequired() As Boolean
Public Overrides Sub OnActionExecuting(filterContext As ActionExecutingContext)
If Me.IsRequired AndAlso filterContext.HttpContext.Request.Url.Scheme <> "https" Then
filterContext.HttpContext.Response.Redirect(filterContext.HttpContext.Request.Url.OriginalString.Replace("http:", "https:").Remove(filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf(":") + 1), True)
filterContext.Result = New HttpUnauthorizedResult
End If
End Sub
Public Sub New()
IsRequired = True
End Sub
End Class
I don't know who your host is, but I just ran into a similar problem on AppHarbor and discovered this in their knowledge base:
If you're using the built-in RequireHttpsAttribute to ensure that a
controller action always uses HTTPS you will experience a redirect
loop. The reason is that SSL is terminated at the load balancer level
and RequireHttps doesn't recognize the X-Forwarded-Proto header it
uses to indicate that the request was made using HTTPS. You should
therefore use a custom RequireHttps attribute for this purpose.
They have also provided an example solution on Github here, which I will copy below for convenience:
using System;
using System.Web.Mvc;
using RequireHttpsAttributeBase = System.Web.Mvc.RequireHttpsAttribute;
namespace AppHarbor.Web
{
[AttributeUsage(
AttributeTargets.Class | AttributeTargets.Method,
Inherited = true,
AllowMultiple = false)]
public class RequireHttpsAttribute : RequireHttpsAttributeBase
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
if (filterContext.HttpContext.Request.IsSecureConnection)
{
return;
}
if (string.Equals(filterContext.HttpContext.Request.Headers["X-Forwarded-Proto"],
"https",
StringComparison.InvariantCultureIgnoreCase))
{
return;
}
if (filterContext.HttpContext.Request.IsLocal)
{
return;
}
HandleNonHttpsRequest(filterContext);
}
}
}
I'm not sure if this will solve your problem; but perhaps even if you aren't using AppHarbor the root cause may be the same for you, in which case the above seems worth a shot.
Try changing it to
If Me.IsRequired AndAlso filterContext.HttpContext.Request.Url.Scheme <> "https" Then
secureUrl = filterContext.HttpContext.Request.Url.OriginalString.Replace("http:", "https:").Remove(filterContext.HttpContext.Request.Url.OriginalString.LastIndexOf(":") + 1)
filterContext.Result = new RedirectResult(secureUrl)
End If
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 叛逆 的文章《MVC3, RequireHttps and custom handler result in ht》','https://www.manongdao.com/article-875238.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}