c# – 在Rackspace(Mosso)Cloud中托管时检查SSL

前端之家收集整理的这篇文章主要介绍了c# – 在Rackspace(Mosso)Cloud中托管时检查SSL前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在使用Request.IsSecureConnection来检查SSL并在适当的地方重定向.在Rackspace的云上运行我的asp.net网站时,服务器在SSL集群后面运行,因此IsSecureConnection将始终返回false.检查URL是否包含“https://”,始终为false,检查端口等等也是如此.因此网站陷入了大重定向循环.

是否有其他方法可以检查SSL并在适当的位置重定向?有人在Rackspace的云上实际做过这个吗?

Public Class SecurityAwarePage
    Inherits Page

    Private _requireSSL As Boolean = False

    Public Property RequireSSL() As Boolean
        Get
            Return _requireSSL
        End Get
        Set(ByVal value As Boolean)
            _requireSSL = value
        End Set
    End Property

    Private ReadOnly Property IsSecure() As Boolean
        Get
            Return Request.IsSecureConnection
        End Get
    End Property

    Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
        MyBase.OnInit(e)

        PushSSL()
    End Sub

    Private Sub PushSSL()
        Const SECURE As String = "https://"
        Const UNSECURE As String = "http://"

        If RequireSSL AndAlso Not IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(UNSECURE,SECURE))
        ElseIf Not RequireSSL AndAlso IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(SECURE,UNSECURE))
        End If

    End Sub

End Class

解决方法

虽然很难检查SSL是否参与解决问题的方法是强制使用SSL.

RackspaceCloud Support knowledge base

您可以在web.config中重写URL:

<configuration>
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
        <match url=".*" />
        <conditions>
          <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
          <add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
</configuration>

您可以在ASP.NET中强制使用SSL:

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<script runat="server">
  protected void Page_Load(object sender,System.EventArgs e)
  {
    if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
    {
      if(Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null)
      {
        string xredir__,xqstr__;

        xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
        xredir__ += Request.ServerVariables["SCRIPT_NAME"];
        xqstr__ = Request.ServerVariables["QUERY_STRING"];

        if (xqstr__ != "")
            xredir__ = xredir__ + "?" + xqstr__;

        Response.Redirect(xredir__);
      }
    }
    Response.Write("SSL Only");
  }
</script>

<html>
<head id="Head1" runat="server">
  <title>SSL Only</title>
</head>
<body>
</body>
</html>

猜你在找的C#相关文章