我正在使用Request.IsSecureConnection来检查SSL并在适当的地方重定向.在Rackspace的云上运行我的asp.net网站时,服务器在SSL集群后面运行,因此IsSecureConnection将始终返回false.检查URL是否包含“https://”,始终为false,检查端口等等也是如此.因此网站陷入了大重定向循环.
是否有其他方法可以检查SSL并在适当的位置重定向?有人在Rackspace的云上实际做过这个吗?
Public Class SecurityAwarePage Inherits Page Private _requireSSL As Boolean = False Public Property RequireSSL() As Boolean Get Return _requireSSL End Get Set(ByVal value As Boolean) _requireSSL = value End Set End Property Private ReadOnly Property IsSecure() As Boolean Get Return Request.IsSecureConnection End Get End Property Protected Overrides Sub OnInit(ByVal e As System.EventArgs) MyBase.OnInit(e) PushSSL() End Sub Private Sub PushSSL() Const SECURE As String = "https://" Const UNSECURE As String = "http://" If RequireSSL AndAlso Not IsSecure Then Response.Redirect(Request.Url.ToString.Replace(UNSECURE,SECURE)) ElseIf Not RequireSSL AndAlso IsSecure Then Response.Redirect(Request.Url.ToString.Replace(SECURE,UNSECURE)) End If End Sub End Class
解决方法
虽然很难检查SSL是否参与解决问题的方法是强制使用SSL.
从RackspaceCloud Support knowledge base:
您可以在web.config中重写URL:
<configuration> <system.webServer> <rewrite> <rules> <rule name="Redirect to HTTPS" stopProcessing="true"> <match url=".*" /> <conditions> <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" /> <add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" /> </rule> </rules> </rewrite> </system.webServer> </configuration>
您可以在ASP.NET中强制使用SSL:
<%@ Page Language="C#" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <script runat="server"> protected void Page_Load(object sender,System.EventArgs e) { if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on") { if(Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null) { string xredir__,xqstr__; xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"]; xredir__ += Request.ServerVariables["SCRIPT_NAME"]; xqstr__ = Request.ServerVariables["QUERY_STRING"]; if (xqstr__ != "") xredir__ = xredir__ + "?" + xqstr__; Response.Redirect(xredir__); } } Response.Write("SSL Only"); } </script> <html> <head id="Head1" runat="server"> <title>SSL Only</title> </head> <body> </body> </html>
