5

I have some MVC2 website that has a lot of [RequireHttps].

But when I debug it I have to comment many of them in different places (controllers). And when code is ready I have to delete all comments.

So it takes time and sometimes I forgot to uncomment [RequireHttps] :)

My question is which is best practices to resolve this problem?

Thank you!

Charles
  • 50,943
  • 13
  • 104
  • 142
NoWar
  • 36,338
  • 80
  • 323
  • 498
  • 1
    just out of curiosity -- why can't you debug with them in place? – Michael Edenfield Jul 07 '12 at 18:30
  • 2
    if you are still using the build-in VS web server, switch to IIS Express and you can debug w/ SSL enabled: http://learn.iis.net/page.aspx/901/iis-express-faq/ – Michael Edenfield Jul 07 '12 at 18:39
  • @MichaelEdenfield: I think your comment deserves to be an answer. It might well be the best answer. It's not actually answering the question, but I think it might solve the underlying problem. – comecme Jul 07 '12 at 20:11
  • it might; there might be reasons why the OP can't switch to IIS Express but if they can that is definitely the right way to go. – Michael Edenfield Jul 07 '12 at 20:20

6 Answers6

10

If you don't want to type #if statements around every usage, you can make a new attribute that is a no-op in debug builds, and a simple subclass of RequireHttps in release builds:

#if DEBUG
public class ReleaseRequireHttpsAttribute : Attribute
{
    // no-op
}
#elif
public class ReleaseRequireHttpsAttribute : RequireHttpsAttribute
{
    // does the same thing as RequireHttpsAttribute
}
#endif

Then simply find-and-replace every [RequireHttps] with [ReleaseRequireHttps] and use that for new methods.

kevingessner
  • 18,559
  • 5
  • 43
  • 63
4

Since you asked about "best practices" for solving this problem, the best practice in this case is to leave the attributes in place and debug the exact same code that you deploy. Any of the other answers (all of which will work) will mean that you are debugging code, then changing your code before you deploy, which is never a good idea.

In this case, it's easy enough to debug web projects over SSL if you use IIS Express. This is a drop-in replacement for the Visual Studio 2010 web server, but with most of the features of IIS, including secure HTTP support. More information can be found here:

http://learn.iis.net/page.aspx/901/iis-express-faq/

Once installed, you can switch your projects to use IIS Express, set up an https binding in the IIS Express configuration, and step through as normal.

Michael Edenfield
  • 28,070
  • 4
  • 86
  • 117
3

I'd use #if (C# Reference) and had a Debug and Release configuration:

Then you:

#if RELEASE
    [RequireHttps]
#endif
void methodHere()
{
...
}
user1494736
  • 2,425
  • 16
  • 8
2

The following will allow you to DRY up the functionality and prevent the necessity to pollute your controllers with pre-processor directives:

public class CustomRequireHttpsAttribute : RequireHttpsAttribute
{
    /* override appropriate method with preprocessor directives */
}

[CustomRequireHttps]
public ActionResult Foo(string foo) { /* ... */ }

[CustomRequireHttps]
public ActionResult Bar(string bar) { /* ... */ }
Alex
  • 34,899
  • 5
  • 77
  • 90
1

Use an #if RELEASE ... #endif structure:

#if RELEASE
    [RequireHttps]
#endif
void YourMethod()
{
    ...
}
Ofer Zelig
  • 17,068
  • 9
  • 59
  • 93
0

Here's a working version of custom attribute that requires HTTPS connection unless running under Visual Studio debugger:

/// <summary>
/// Requires HTTPS connection unless running under Visual Studio debugger.
/// </summary>
public class RemoteRequireHttpsAttribute : RequireHttpsAttribute
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext != null 
            && filterContext.HttpContext != null 
            && filterContext.HttpContext.Request.IsLocal)
            return;

        base.OnAuthorization(filterContext);
    }
}
Crulex
  • 1,030
  • 9
  • 16