2

In asp.net mvc 3 I have a site which has an ssl certificate, and runs just fine in https. The only page exposed is the logon page. For whatever reason, it does not load in https. Here is my relevant code (will post more on request if I left something out).

web.config

<compilation debug="false" targetFramework="4.0">
<authentication mode="Forms">
    <forms loginUrl="~/Account/LogOn" timeout="2880"  requireSSL="true"/>
</authentication>

global.asax

public static void RegisterRoutes(RouteCollection routes)
{
 routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
 routes.MapRoute(
  "Default", // Route name
  "{controller}/{action}/{id}", // URL with parameters
  new { controller = "Account", action = "LogOn", id = UrlParameter.Optional }
 );
}

account controller

#if !DEBUG
    [RequireHttps]
#endif
public class AccountController : Controller
{
 public ActionResult LogOn()
    {
        return View();
    }
}

When the logon view loads, it is not in Https. What did I miss?

Travis J
  • 81,153
  • 41
  • 202
  • 273

2 Answers2

1

You need to set the Build Target to Release when you build your site. You will see a dropdown that looks like this in Visual Studio, change it to Release and rebuild, then publish your site:

enter image description here

Erik Funkenbusch
  • 92,674
  • 28
  • 195
  • 291
  • Awesome! This worked, thank you. I cannot believe I missed something so simple. – Travis J Aug 10 '12 at 21:57
  • 1
    @TravisJ - Just remember, MVC is a Web Application project, which means all code is compiled to a dll at compile time. The web pages (aspx or cshtml) are compiled at runtime still, but the .cs files are not, therefore you have to set the build target to release in order to get real release build. – Erik Funkenbusch Aug 10 '12 at 21:59
  • Thanks, I did notice a difference in the .dll size when bin deploying. – Travis J Aug 10 '12 at 22:06
0

You need to add [RequireHttps], so it would look like this:

[RequireHttps]
public ActionResult LogOn()
{
    return View();
}

This will force it to use Https.

Edit

Perhaps you need to add, the following to your Web.Config's <system.webServer> section:

<rewrite>
  <rules>
    <rule name="Secure Account Controller" enabled="true" stopProcessing="true">
      <match url="^account" ignoreCase="true" />
      <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
        <add input="{HTTPS}" pattern="off" />
        <add input="{HTTP_HOST}" pattern="([^/:]*?):[^/]*?" />
      </conditions>
      <action type="Redirect" url="https://{C:1}:44300{URL}" />
    </rule>
  </rules>
</rewrite>
Garrett Fogerlie
  • 4,450
  • 3
  • 37
  • 56
  • Don't the action methods inherit the requirement from the controller? – Travis J Aug 10 '12 at 21:27
  • Yes they do, what happens if you remove the `#if !DEBUG`? Sorry I didn't notice that. You can debug in `HTTPS` by using `localhost:44300` I think. – Garrett Fogerlie Aug 10 '12 at 21:29
  • Oddly enough, removing the `#IF` directive makes the `[RequireHttps]` function properly. What would cause the IF to fail? – Travis J Aug 10 '12 at 21:39
  • My guess is that the correct URL's aren't being rewritten. Try adding my edit to you're `Web.Config` file and seeing if that helps. I'm not sure because I have never used a `#If` in this situation. – Garrett Fogerlie Aug 10 '12 at 21:42
  • @TravisJ You know you are saying `#if !DEBUG` so you should expect only release to run in `HTTPS` otherwise you should use `#if DEBUG` for Debug. However I doubt this is your issue. – Garrett Fogerlie Aug 10 '12 at 21:55