Jorge Ramon

  • Home
  • New Here?
  • Articles
    • All
    • Sencha Touch
    • jQuery Mobile
    • ExtJS
  • Books
  • About

Forcing HTTPS in ASP.NET MVC Application

January 12, 2017 1 Comment

I just finished this ASP.NET MVC web application that required https for all requests. Here’s the approach I took to force https in the app.

Using the BeginRequest Method to Force Https

In the global.ascx.cs file (I used C# as the programming language), I decided to intercept all requests with the following Application_BeginRequest method:

protected void Application_BeginRequest()
{
    if (!Context.Request.IsSecureConnection)
    {
        // This is an insecure connection, so redirect to the secure version
        UriBuilder uri = new UriBuilder(Context.Request.Url);                
        if (!uri.Host.Equals("localhost"))
        {
            uri.Port = 443;
            uri.Scheme = "https";
            Response.Redirect(uri.ToString());
        }
    }
}

In the method, I use the Request.IsSecureConnection property to check if the connection isn’t already using https. If the request isn’t over a secure connection and I’m not running the app on my development workstation, I instantiate an Uri object off the request’s Url and change the value of the port property to 443, the https port used by my production server. I also switch the Uri’s scheme to https. Finally, I redirect the request to the updated Uri.

That’s it.

Alternative Approaches

There are other approaches you can take to force https in ASP.NET MVC. For example, you can decorate the controller methods that require https with the RequireHttpsAttribute attribute, which will force https connections for those methods, even in your development environment. You can also derive from the RequireHttpsAttribute Class and create an attribute that will force https for remote connections only:

public class RequireHttpsForRemoteRequestAttribute : RequireHttpsAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (filterContext.HttpContext.Request.IsLocal)
        {
            // Don't require HTTPS for local requests.
            return;
        }
        base.OnAuthorization(filterContext);
    }
}

Over to You

Your turn now. Do you use https in your ASP.NET MVC apps? How to you set it up? Leave a comment with your thoughts below.

Tagged With: Web Application Tutorial 1 Comment

Comments

  1. Allen Song says

    January 17, 2017 at 1:12 PM

    Thanks for share the code; My question is how to switch between http and https in an app? For my case I need https for most of pages, for some of pages like maps I’d like to use http because the data is too heavy, unlike Google map, Bing Map, my map has several hundred layers for users to interactive with these layers’ information. In previous web form, I can write some rules in configure file, is this still can be used in MVC? Thanks.

    Reply

Leave a Comment Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get My Books

The beginner's guide to Sencha Touch apps
The beginner's guide to jQuery Mobile apps

Book: How to Build a jQuery Mobile Application

Topics

  • » jQuery Mobile Tutorials
  • » Sencha Touch Tutorials
  • » ExtJS Tutorials
  • » Books
  • » Tools
  • » .Net Tutorials
  • » BlackBerry Tutorials
  • » iOS Tutorials
  • » Node.js Tutorials
  • » Android Training
  • » BlackBerry Training
  • » iOS Training

Search

Contact Me

  •  Email: jorge[AT]jorgeramon.me
  •  Twitter: @MiamiCoder
  •  LinkedIn: Jorge Ramon


Don’t Miss the Free Updates

Receive free updates in your inbox.
Your address is safe with me.

Copyright © 2021 Jorge Ramon · The opinions expressed herein do not represent the views of my employers in any way · Log in