Attention: We have retired the ASP.NET Community Blogs. Learn more >

Contents tagged with ASP.NET MVC

  • How to switch between HTTP and HTTPS in ASP.NET MVC2

    17 Comments

    ASP.NET MVC2 has the new RequireHttpsAttribute that you can use to decorate any action to force any non-secure request to come through HTTPS (SSL).  It can be used as simply as this:

            [RequireHttps]
            public ActionResult LogOn()
            {
            .....
            }

    Now any request to the LogOn action that is not over HTTPS will automatically be redirected back to itself over HTTPS.  This is very useful and easy to implement.

    Unfortunately though, once the scheme is changed to HTTPS, all following requests will also be under HTTPS, which is not necessarily what you want.  In most cases you do not need all requests to your site to be secure but only certain ones such as the logon page or pages that accept credit card information. 

    To handle this you can override the Controller.OnAuthorization method.  From within this method, you can check to see if the RequireHttps attribute is set on the Controller Action by searching the Attributes collection of the ActionDescriptor object. If the RequireHttpsAttribute is not set AND the request is under SSL, then return a redirect result to the HTTP (non-SSL) url:

    public class ControllerBase : Controller
    {

    protected override void OnAuthorization(AuthorizationContext filterContext)

      //the RequireHttpsAttribute set on the Controller Action will handle redirecting to Https. 
      // We just need to handle any requests that are already under SSL but should not be. 
      if (Request.IsSecureConnection) 
       {
        Boolean requireHttps = false;
        requireHttps = filterContext.ActionDescriptor.GetCustomAttributes(typeof(RequireHttpsAttribute), false).Count() >= 1; 


        //If this request is under ssl but yet the controller action
        // does not require it, then redirect to the http version.
        if (!requireHttps && !filterContext.IsChildAction)
        {
            UriBuilder uriBuilder = new UriBuilder(Request.Url);

            //change the scheme
            uriBuilder.Scheme = "http";
            uriBuilder.Port = 80;

            filterContext.Result = this.Redirect(uriBuilder.Uri.AbsoluteUri);
        }
       }

        base.OnAuthorization(filterContext);
    }

    }

    Now any HTTPS requests to controller actions that are not decorated with a RequireHttps attribute will be forced back to an HTTP (non-secure) request.

    EDITED (2010-08-21): Modified the code as recommended by the comment from Donnie Hale to move the check for Request.SecureConnection to the outermost if block.

    EDITED (2011-01-06): Modified the code as recommended by the comment from Sergio Tai to not perform this check if use Html.Action in views

  • Credit Card Expiration Date ASP.NET MVC SelectList Sample Code

    1 Comment

    A couple weeks ago I wrote about how to create credit card expiration date drop downs for your ASP.NET application.  Today I had to do the same thing but in ASP.NET MVC.  For the most part I was able to use the same logic but instead of slowly building up the drop down list items, in ASP.NET MVC I created a SelectList which is constructed from an IEnumerable object containing the collection of items to display. 

    From the MSDN Documentation for SelectList:

    SelectList Constructor (IEnumerable, String, String, Object)
    Initializes a new instance of the SelectList class by using the specified items for the list, the data value field, the data text field, and a selected value.

    In ASP.NET MVC you can use the Html.DropDownList helper to create the dropdownlist from a SelectList object:

    <%= Html.DropDownList("ExpMonth", Model.ExpMonthSelectList)%>
    <%= Html.DropDownList("ExpYear", Model.ExpYearSelectList)%>

    But the problem is what IEnumerable object could I use to contain the month and year information but also has data value and data text parts? This is where the System.Collections.Generic.KeyValuePair structure comes in:

    //Create the credit card expiration month SelectList
    List<KeyValuePair<string, string>> expirationDateMonths = new List<KeyValuePair<string, string>>();
    for (int i = 1; i <= 12; i++)
    {
        DateTime month = new DateTime(2000, i, 1);
        expirationDateMonths.Add(new KeyValuePair<string, string>(month.ToString("MM"), month.ToString("MMM (M)")));
    }
    this.ExpMonthSelectList = new SelectList(expirationDateMonths, "key", "value", DateTime.Today.ToString("MM"));

    //Create the credit card expiration year SelectList (go out 12 years) 
    List<KeyValuePair<string, string>> expirationDateYears = new List<KeyValuePair<string, string>>();
    for (int i = 0; i <= 11; i++)
    {
        String year = (DateTime.Today.Year + i).ToString();
        expirationDateYears.Add(new KeyValuePair<string, string>(year, year));
    }
    this.ExpYearSelectList = new SelectList(expirationDateYears, "key", "value", DateTime.Today.Year.ToString());

     

    Technorati Tags: ,