asp.net-mvc 如何在 MVC 应用程序 (IIS7.5) 中将 HTTP 重定向到 HTTPS
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4945883/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to redirect HTTP to HTTPS in MVC application (IIS7.5)
提问by Laxmi Lal Menaria
I need to redirect my HTTP site to HTTPS, have added below rule but I am getting 403 Error when tried using http://www.example.com, it works fine when I type https://www.example.comin browser.
我需要将我的 HTTP 站点重定向到 HTTPS,已添加以下规则,但尝试使用http://www.example.com时出现 403 错误,当我在浏览器中键入https://www.example.com时它工作正常.
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
采纳答案by Debasis Goswami
I use the following in Global.asax:
我在 Global.asax 中使用以下内容:
protected void Application_BeginRequest()
{
if (FormsAuthentication.RequireSSL && !Request.IsSecureConnection)
{
Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"));
}
}
回答by Chris Kooken
You can do it in code:
你可以在代码中做到这一点:
Global.asax.cs
Global.asax.cs
protected void Application_BeginRequest(){
if (!Context.Request.IsSecureConnection)
Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}
Or You could add the same code to an action filter:
或者您可以将相同的代码添加到操作过滤器中:
public class SSLFilter : ActionFilterAttribute {
public override void OnActionExecuting(ActionExecutingContext filterContext){
if (!filterContext.HttpContext.Request.IsSecureConnection){
var url = filterContext.HttpContext.Request.Url.ToString().Replace("http:", "https:");
filterContext.Result = new RedirectResult(url);
}
}
}
回答by Matthieu Charbonnier
In the Global.asax.cs:
在Global.asax.cs:
Simple redirect
简单重定向
protected void Application_BeginRequest()
{
if (!Context.Request.IsSecureConnection
&& !Context.Request.IsLocal // to avoid switching to https when local testing
)
{
// Only insert an "s" to the "http:", and avoid replacing wrongly http: in the url parameters
Response.Redirect(Context.Request.Url.ToString().Insert(4, "s"));
}
}
301 redirect: SEO best practice(Search Engine Optimization)
301 重定向:SEO 最佳实践(搜索引擎优化)
The 301 Moved Permanentlyredirect status response code is considered a best practice for upgrading users from HTTP to HTTPS (see Google recommendations).
该301 Moved Permanently重定向状态响应代码被认为是从HTTP升级用户的最佳实践,以HTTPS(见谷歌的建议)。
So if Google or Bing robots will be redirected too, consider this:
因此,如果 Google 或 Bing 机器人也将被重定向,请考虑:
protected void Application_BeginRequest()
{
if (!Context.Request.IsSecureConnection
&& !Context.Request.IsLocal // to avoid switching to https when local testing
)
{
Response.Clear();
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location", Context.Request.Url.ToString().Insert(4, "s"));
Response.End();
}
}
回答by Nattrass
You could use the RequireHttpsAttribute for simple cases.
对于简单的情况,您可以使用 RequireHttpsAttribute。
[RequireHttps]
public class HomeController : Controller
{
public ActionResult Index()
{
return View();
}
}
As stated in MSDN...
正如 MSDN 中所述...
"Represents an attribute that forces an unsecured HTTP request to be re-sent over HTTPS."
“表示强制通过 HTTPS 重新发送不安全的 HTTP 请求的属性。”
I'm not sure you'd want to use this to enforce HTTPS across a large site though. Lots of decorating to do, and opportunity to miss controllers.
不过,我不确定您是否想使用它来在大型站点上强制使用 HTTPS。有很多装饰要做,还有机会错过控制器。
回答by Paul Williams
I did it thusly, since a local debug session uses custom port numbers:
我这样做了,因为本地调试会话使用自定义端口号:
protected void Application_BeginRequest()
{
if (!Context.Request.IsSecureConnection)
{
if (HttpContext.Current.Request.IsLocal)
{
Response.Redirect(Context.Request.Url.ToString().Replace("http://localhost:25885/", "https://localhost:44300/"));
}
else
{
Response.Redirect(Context.Request.Url.ToString().Replace("http://", "https://"));
}
}
}
Preferably there would be some way to get the URL and SSL URL programmatically...
最好有某种方式以编程方式获取 URL 和 SSL URL...
回答by Manish Kumar Gurjar
I have the following ASP.NET MVC rewrite rule in Web.config file:
我在 Web.config 文件中有以下 ASP.NET MVC 重写规则:
You can try this code with web.config file. If your URL is http://www.example.comthen it will be redirect to this URL https://www.example.com.
您可以使用 web.config 文件尝试此代码。如果您的 URL 是http://www.example.com ,那么它将被重定向到这个 URL https://www.example.com。
<system.webServer>
<rewrite>
<rules>
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>回答by Sadik Ali
It's very simple. Just add one line in "Global.asax" file as below:
这很简单。只需在“Global.asax”文件中添加一行,如下所示:
protected void Application_Start()
{
GlobalFilters.Filters.Add(new RequireHttpsAttribute(true));
}
If you would like to apply only server-side, not local side then apply following code:
如果您只想应用服务器端,而不是本地端,请应用以下代码:
protected void Application_Start()
{
if (!HttpContext.Current.Request.IsLocal)
GlobalFilters.Filters.Add(new RequireHttpsAttribute(true));
}
Hope it will help you :) Thank you!
希望能帮到你 :) 谢谢!
回答by Adel Mourad
To force https only when the website is lunched on the server and ignore it while running the website on your machine for development :
仅当网站在服务器上运行时强制使用 https 并在您的机器上运行网站进行开发时忽略它:
In Global.asax :
在 Global.asax 中:
You'll need the Application_BeginRequest() method
您将需要 Application_BeginRequest() 方法
public class MvcApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
// .....
}
//force https on server, ignore it on local machine
protected void Application_BeginRequest()
{
if (!Context.Request.IsSecureConnection && !Context.Request.Url.ToString().Contains("localhost"))
Response.Redirect(Context.Request.Url.ToString().Replace("http:", "https:"));
}
}
回答by Deepak Jha
Use this code in web.config file for redirect http:// to https://
在 web.config 文件中使用此代码将 http:// 重定向到 https://
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS force" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
回答by Umair Malhi
This answer is not exactly for OP but for those who could not make it work like me and have come across this (and although I know there is 403 not 404 error in OP), please refer to this answer if you are getting 404 instead: https://stackoverflow.com/a/6962829/5416602
这个答案并不完全适用于 OP,而是适用于那些无法像我一样工作并且遇到过这个问题的人(虽然我知道 OP 中存在 403 而不是 404 错误),如果您得到的是 404,请参考这个答案:https://stackoverflow.com/a/6962829/5416602
Please check that you have binding for HTTP port (80) and not only HTTPS port (443) in your IIS
请检查您的 IIS 中是否绑定了 HTTP 端口 (80) 而不仅仅是 HTTPS 端口 (443)
