I use this code which is taken from MVC futures and attach the Attribute RequireSsl to an action. It works with simple Url like http://localhost/de/Account/Login, but if I have a querystring, the questionmark gets url encoded and the request fails.
http://localhost/de/Account/Login?test=omg redirects to https://localhost/de/Account/Login%3Ftest=omg. Anybody got this working?
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
public RequireSslAttribute()
{
Redirect = true;
}
public bool Redirect { get; set; }
public void OnAuthorization(AuthorizationContext filterContext)
{
//Validate.IsNotNull(filterContext, "filterContext");
if (!Configuration.EnableSSL) return;
if (!filterContext.HttpContext.Request.IsSecureConnection)
{
// request is not SSL-protected, so throw or redirect
if (Redirect)
{
// form new URL
UriBuilder builder = new UriBuilder
{
Scheme = "https",
Host = filterContext.HttpContext.Request.Url.Host,
// use the RawUrl since it works with URL Rewriting
Path = filterContext.HttpContext.Request.RawUrl
};
filterContext.Result = new RedirectResult(builder.ToString());
}
else
{
throw new HttpException((int)HttpStatusCode.Forbidden, "Access forbidden. The requested resource requires an SSL connection.");
}
}
}
}
I changed
To
I dont use UrlRewriting right now, thats why I guess this is safe for me.