5

A handful of pages on my website need to use SSL, so I've added [RequireHttps] to the relevant controllers. However, I still want the majority of my pages to always use non-SSL so I successfully used code I found on SO to create a custom [DoNotUseHttps] filter.

To make things easier I'd like to include this non-SSL filter by default, so I added it to the global filters which are set in the Global.asax file. However, I seem to have now created an infinite loop with each filter redirecting to the other.

Which leads me to my question... is there anything I can add to my global filter to detect if the [RequireHttps] has been already applied to the controller?

Community
  • 1
  • 1
Jonathan
  • 13,947
  • 17
  • 94
  • 123

1 Answers1

5

Sure, you can interrogate anything you like about the actions and controllers. To check for RequireHttpsAttribute:

public override void OnActionExecuted(ActionExecutedContext filterContext)
{
    base.OnActionExecuted(filterContext);

    bool requireHttps = filterContext.ActionDescriptor.ControllerDescriptor
        .GetCustomAttributes(typeof(RequireHttpsAttribute), true).Length > 0
 }
Kirk Woll
  • 76,112
  • 22
  • 180
  • 195