2

I know you can do this:

#if !DEBUG
    [RequireHttps] //apply to this action only
#endif

What if you are using Web Farm Framework where "the Controller" server receives an outside SSL 443 request, decrypts it, then forwards it to the Primary / Secondary servers using http 80 (without ssl?)

In this environment, I tried the [RequireHttps] attribute but it responded with "The page isn't redirecting properly" in Firefox. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. It's recognizing it's not SSL, but because it strips off SSL, MVC won't ever see SSL attributes.

How would you rewrite certain action methods to use https in MVC 3 in a web farm? How can you do this with [RequireHttps] or do you have to cherry pick every URL in your website that requires ssl and "URL Rewrite" it?

EDIT:

I changed the controller to identify port 443 traffic and forward it to https on the web farm. I thought I could get away with only loading the SSL certs on the controller, but they need loaded on the Primary and Secondary as well (or only.)

Zachary Scott
  • 20,968
  • 35
  • 123
  • 205

1 Answers1

2

In your action method you can check for a secure connection:

if(Request.IsSecureConnection())
{
   // Secure connection logic here
}
  • The problem is the web farm removes the ssl before delivering it to the primary web server. Request.IsSecureConnection says false. – Zachary Scott Oct 07 '11 at 02:46
  • I setup the WWF to forward the SSL request to the SSL port on the second server. Now it works. – Zachary Scott Oct 07 '11 at 04:13
  • So in setting up the controller correctly, your suggestion works too (minus the parenthesis on the property). – Zachary Scott Oct 07 '11 at 04:18
  • I'm glad I could help. Did you have a chance to have a look how it actually works? And yes, sorry, I couldn't remember whether it was a method or a property.. –  Oct 07 '11 at 08:13