DEVHIDE
Login Or Sign up

ASP.NET MVC [RequireHttps] - return to http

1.7k Views Asked by At

Once you place [RequireHttps] on an action and user switches from HTTP to HTTPS, all subsequent links will stay HTTPS...

Is there a way to switch back to HTTP ?

asp.net-mvc asp.net-mvc-3 requirehttps
Original Q&A
3

There are 3 best solutions below

3
On BEST ANSWER

Technically, you could do it

You could look at the source of RequireHttpsAttribute and reverse it.

In practice, you probably shouldn't

If the session is still alive, it is generally inadvisable to return to HTTP. This can be the foundation for a variety of attacks, for example, session hijacking.

0
On

Here's the 'ExitHttpsIfNotRequired' attribute I use:

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class RetainHttpsAttribute : Attribute
{
}

public class ExitHttpsIfNotRequiredAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // Abort if it's not a secure connection  
        if (!filterContext.HttpContext.Request.IsSecureConnection) return;

        if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "sdsd") return;

        // Abort if it's a child controller
        if (filterContext.IsChildAction) return;

        // Abort if a [RequireHttps] attribute is applied to controller or action  
        if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;
        if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0) return;

        // Abort if a [RetainHttps] attribute is applied to controller or action  
        if (filterContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;
        if (filterContext.ActionDescriptor.GetCustomAttributes(typeof(RetainHttpsAttribute), true).Length > 0) return;

        // Abort if it's not a GET request - we don't want to be redirecting on a form post  
        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) return;

        // Abort if the error controller is being called - we may wish to display the error within a https page
        if (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName == "Error") return;

        // No problems - redirect to HTTP
        string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}
0
On

there is a pretty detailed description of how to handle switching from HTTPS back to HTTP for specific action methods at this link

http://blog.clicktricity.com/2010/03/switching-to-https-and-back-to-http-in-asp-net-mvc/

Related Questions in ASP.NET-MVC

Related Questions in ASP.NET-MVC-3

Related Questions in REQUIREHTTPS

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.