您是否試過用[RequireHttps]
屬性裝飾您的控制器/操作?
糟糕,沒有注意到你問的是ASP.NET MVC 2.這個屬性僅在ASP.NET MVC 3中可用,所以下面是它的源代碼(在ASP.NET MVC 3中實現):
using System;
using System.Diagnostics.CodeAnalysis;
using System.Web.Mvc.Resources;
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class RequireHttpsAttribute : FilterAttribute, IAuthorizationFilter {
public virtual void OnAuthorization(AuthorizationContext filterContext) {
if (filterContext == null) {
throw new ArgumentNullException("filterContext");
}
if (!filterContext.HttpContext.Request.IsSecureConnection) {
HandleNonHttpsRequest(filterContext);
}
}
protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext) {
// only redirect for GET requests, otherwise the browser might not propagate the verb and request
// body correctly.
if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase)) {
throw new InvalidOperationException(MvcResources.RequireHttpsAttribute_MustUseSsl);
}
// redirect to HTTPS version of page
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url);
}
}
注意,它是如何做任何重定向,而不是使用RedirectResult這是在ASP.NET MVC執行重定向的正確方法=>通過返回操作結果:
filterContext.Result = new RedirectResult(url);
不僅如此,這將執行正確的重定向,但這是如何短路的執行動作。在語義上你的過濾器實際上應該是IAuthorizationFilter,因爲你在這裏阻止訪問某些資源。