c# - RequireHttps vs deriving from RequireHttpsAttribute -


i'm trying implement https on selected pages of site. using attribute requirehttps works causes problems testing don't have cert installed locally.

the solution i'm looking need ignore localhost , ignore 1 test server while working on our second test server have cert in place.

some further background on this. aim move site gradually https. it's ecommerce site portions secure , know many reasons moving entire site secure thing. know once move page page b b secure won't go http when move a, that's fine. want move site in stages in case there problems things mismatched content, site maps, seo, google ranking etc.

some of various solutions have tried - i've implemented class derived requirehttps attribute follows:

 public class customrequirehttps : requirehttpsattribute {     protected override void handlenonhttpsrequest(authorizationcontext filtercontext)     {         if (filtercontext.httpcontext.request.url != null && (!string.equals(filtercontext.httpcontext.request.httpmethod, "get", stringcomparison.ordinalignorecase)                                                               && !string.equals(filtercontext.httpcontext.request.httpmethod, "head", stringcomparison.ordinalignorecase)                                                               && !filtercontext.httpcontext.request.url.host.contains("localhost")                                                               && !filtercontext.httpcontext.request.url.host.contains("testing")))         {             base.handlenonhttpsrequest(filtercontext);         }     } }

and have applied attribute 1 page hasn't worked intended, either applies https pages on site or doesn't work @ all.

i have tried solution works on localhost , not on 2 test servers:

#if !debug [requirehttps]  #endif

then tried overriding onauthorizartion method so:

 public override void onauthorization(authorizationcontext filtercontext)     {         if (filtercontext == null)         {             throw new argumentnullexception("filtercontext");         }          if (filtercontext.httpcontext != null && filtercontext.httpcontext.request.islocal)         {             return;         }          base.onauthorization(filtercontext);     }

it worked locally once got onto server test cert every page https not understand i've used derived attribute on 1 page.

so, i'm looking achieve implement https on select number of pages on site. https request needs ignored on localhost , first test server but, needs not ignored on second test server has cert.

so far either doesn't work @ or on every page on site.

however, , kicker, if use requirehttps attribute works on second test server causes problems on servers without cert. 'works perfectly' mean implements https on pages i've used attribute , not switch pages secure.

any ideas i'm doing wrong here?

there can lot going on, example when links local, when switch made https, pages https (not applying require https doesn't switch http). security standpoint, should serve pages https when need subset of pages (otherwise, might share secure cookies / login tokens on unencrypted http). attribute applied, , subsequent requests served on ssl.

secondly, testing on localhost request uri serve page on http on second server. opinion solve problem create switch in web.config if pages should served on https. check switch in global filterconfig:

public static class filterconfig {     public static void registerglobalfilters(globalfiltercollection filters)     {         var usessl = convert.toboolean(configurationmanager.appsettings["usessl"]);         if (usessl )         {             filters.add(new requirehttpsattribute());         }     } }

-

Comments

Post a Comment

Popular posts from this blog

amazon web services - S3 Pre-signed POST validate file type? -

i know it's possible put limit on file size content-length-range header. possible validate file type? https://docs.aws.amazon.com/amazons3/latest/dev/httppostforms.html#policyconditions i see there content-type header, if set say, audio/mp3 allow mp3 files , return error if file not mp3? i found previous question answers mention validating file size: s3 direct upload restricting file size , type you can specify content-type @ post request. you can specify @ signature, post must done content-type: { "expiration": "2007-12-01t12:00:00.000z", "conditions": [ {"acl": "public-read" }, {"bucket": "johnsmith" }, {"content-type: "audio/mp3"} ] } creating html form (using aws signature version 4) edit: @ previous question found, checking content-type.
Read more

c# - Check Keyboard Input Winforms -

i wondering if instead of doing this protected override void onkeydown(keyeventargs e) { if (e.keycode == keys.a) console.writeline("the key down."); } i set bool method , this: if(keydown(keys.a)) // whatever here i've been sitting here ages trying figure out how it. can't wrap head around it. in case wondering, plan call bool inside different method, check input. since want perform action after pressing key, using keydown event enough. but in cases suppose want check if specific key down in middle of process, can use getkeystate method way: [dllimport("user32.dll", charset = charset.auto, exactspelling = true)] public static extern short getkeystate(int keycode); public const int key_pressed = 0x8000; public static bool iskeydown(keys key) { return convert.toboolean(getkeystate((int)key) & key_pressed); } you should know, each time check key state using example iskeydown(keys.a) method returns true if ke...
Read more