我正在使用Request.IsSecureConnection来检查SSL并在适当的地方重定向.在Rackspace的云上运行我的asp.net网站时,服务器在SSL集群后面运行,因此IsSecureConnection将始终返回false.检查URL是否包含“https://”,始终为false,检查端口等等也是如此.因此网站陷入了大重定向循环.
是否有其他方法可以检查SSL并在适当的位置重定向?有人在Rackspace的云上实际做过这个吗?
Public Class SecurityAwarePage
Inherits Page
Private _requireSSL As Boolean = False
Public Property RequireSSL() As Boolean
Get
Return _requireSSL
End Get
Set(ByVal value As Boolean)
_requireSSL = value
End Set
End Property
Private ReadOnly Property IsSecure() As Boolean
Get
Return Request.IsSecureConnection
End Get
End Property
Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
MyBase.OnInit(e)
PushSSL()
End Sub
Private Sub PushSSL()
Const SECURE As String = "https://"
Const UNSECURE As String = "http://"
If RequireSSL AndAlso Not IsSecure Then
Response.Redirect(Request.Url.ToString.Replace(UNSECURE,SECURE))
ElseIf Not RequireSSL AndAlso IsSecure Then
Response.Redirect(Request.Url.ToString.Replace(SECURE,UNSECURE))
End If
End Sub
End Class
解决方法
虽然很难检查SSL是否参与解决问题的方法是强制使用SSL.
从RackspaceCloud Support knowledge base:
您可以在web.config中重写URL:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
<add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
您可以在ASP.NET中强制使用SSL:
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<script runat="server">
protected void Page_Load(object sender,System.EventArgs e)
{
if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
{
if(Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null)
{
string xredir__,xqstr__;
xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
xredir__ += Request.ServerVariables["SCRIPT_NAME"];
xqstr__ = Request.ServerVariables["QUERY_STRING"];
if (xqstr__ != "")
xredir__ = xredir__ + "?" + xqstr__;
Response.Redirect(xredir__);
}
}
Response.Write("SSL Only");
}
</script>
<html>
<head id="Head1" runat="server">
<title>SSL Only</title>
</head>
<body>
</body>
</html>
