1

I have some ASP .NET MVC4 website which I have to put first to DEVELOPMENT place to test. And development website doesn't have SSL but the LIVE has it.

Well. I have to use [Requirehttps] inside of 20 controllers and I cannot comment it every time when I have test it under DEV website.

Is there any approach to configure [Requirehttps] based at least on some web.config settings or perhaps there is another approach? I mean I don't like to comment around 20 [Requirehttps] each time when I have publish website under LIVE.

Any clue?

NoWar
  • 36,338
  • 80
  • 323
  • 498
  • This is not an answer to your initial question, but why don´t you enable https on your development server? – OakNinja Mar 02 '13 at 00:20
  • @OakNinja Well My parnet said that he cannot apply GoDaddy Sertificate to DEVELOPMENT website... – NoWar Mar 02 '13 at 00:28
  • 1
    You can set up a self-signed certificate for your dev. machine. See: http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-in-iis-7.html and section: Generate a Self Signed Certificate with the Correct Common Name – OakNinja Mar 02 '13 at 00:32
  • I recommend using SSL in your development environment as well since sites behave differently using ssl, like references to javascript files and ajax calls. – OakNinja Mar 02 '13 at 00:34
  • @OakNinja When using IIS Express in VS 2010/2012, all it takes to enable SSL locally on your development machine is setting `Enable SSL` to True on your project properties. See [Working with SSL at Development Time is easier with IISExpress](http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx) on Scott Hanselman's blog for further details. – Daniel Liuzzi Mar 03 '13 at 08:34
  • @Daniel Liuzzi yeah, if you dont work in a team. However, i guess most teams have a shared development environment running regular IIS. – OakNinja Mar 03 '13 at 09:12

2 Answers2

6

Override the RequireHttpsAttribute

web.config

<appSettings>
  <add key="SSL" value="false" />
</appSettings>

MyHttpsAttribute.cs

public class MyHttpsAttribute : RequireHttpsAttribute, IAuthorizationFilter
{
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (bool.Parse(AppSettings["SSL"]) != true) {
            return;
        }
        base.OnAuthorization(filterContext);
    }
}

BaseController

[MyHttps]
public abstract class BaseController : Controller
{
    ...
}
Jasen
  • 14,030
  • 3
  • 51
  • 68
1

If you switch between debug/release builds, you can do this in your code:

#if !DEBUG
    [RequireHttps]
#endif
bdemarzo
  • 11
  • 2