iis7,https,asp.net mvc的相关问题

IIS7配置SSL/https

view SSL binding configuration stored in HTTP.sys:

netsh http show sslcert

在某一站点上启用SSL:

C:\Windows\system32\inetsrv>appcmd set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:[Ssl | SslNegotiateCert | SslRequireCert | Ssl128 | None]

-sslFlags的值要注意大小写

然后iis服务器里设置证书，再给站点做https的bindings，SSL Certificate选刚才建立的证书。

 

asp.net mvc 使用 SSL / https

首先注意到是，https在没有通过验证时，http的status code要返回：

403.4 - SSL required.

403.5 - SSL 128 required

Disable the Require secure channel option, or use HTTPS instead of HTTP to access the page. If you receive this error for a Web site that does not have a certificate installed, click the article number below to view the article in the Microsoft Knowledge Base:

IIS HTTP Status Code

我们可以创建Filter来完成验证工作：

 1 /// <summary>
 2     /// 提供安全连接的attribute
 3     /// </summary>
 4     public class RequireSSLBaseAttribute : ActionFilterAttribute
 5     {
 6         public bool IsRequireSSL { get; set; }
 7 
 8         /// <summary>
 9         /// 默认构造函数
         /// </summary>
         /// <remarks>
         /// 只要添加该attribute就认为需要SSL
         /// </remarks>
         public RequireSSLBaseAttribute()
         {
             IsRequireSSL = true;
         }
 
         /// <summary>
         /// 设置初始是否需要ssl
         /// </summary>
         /// <param name="isRequire">是否设置为使用SSL</param>
         public RequireSSLBaseAttribute(bool isRequire)
         {
             IsRequireSSL = isRequire;
         }
 
         public override void OnActionExecuting(ActionExecutingContext filterContext)
         {
             if (this.IsRequireSSL /*如果需要SSL*/ && 
                 !filterContext.HttpContext.Request.IsSecureConnection)
             {
                 //调用MakeActionResult()函数
                 filterContext.Result = MakeActionResult(filterContext.HttpContext);
             }
         }
 
         /// <summary>
         /// 默认的执行处理的方式
         /// </summary>
         /// <param name="httpContext">HttpContext</param>
         /// <returns>返回ActionResult</returns>
         protected virtual ActionResult MakeActionResult(HttpContextBase httpContext)
         {
             return new SSLUnauthorizedResult();
         }
     }

配合做一个SSL未验证的ActionResult:

 

 1 /// <summary>
 2 /// 返回ssl的错误状态值的Result
 3 /// </summary>
 4 public class SSLUnauthorizedResult : ActionResult
 5 {
 6     public override void ExecuteResult(ControllerContext context)
 7     {
 8         if (context == null)
 9         {
             throw new ArgumentNullException("context");
         }
 
         //SSL是403.4, SSL128是403.5
         context.HttpContext.Response.StatusCode = 403;
         context.HttpContext.Response.SubStatusCode = 4;
     }
 }

如果想在访问http://url/的时候跳转到https://url/可以这样继承一个:

 1protected override ActionResult BuildActionResult(HttpContextBase httpContext)
 2{
 3    //TODO: uri
 4    //获取当前请求的url并将开头的http转换为https://
 5    var url = httpContext.Request.Url.AbsoluteUri.ToString();
 6    if(httpContext.Request.Url.Scheme.Equals("http", StringComparison.InvariantCultureIgnoreCase))
 7    {
 8        var builder = new UriBuilder(httpContext.Request.Url.AbsoluteUri);
 9        //将Scheme换成https
        builder.Scheme = "https";
        //这里需要将Port设置为-1,因为UriBuilder并没有创建新的uri,所以
        //如果从http过来的url在这里Port会保留80. 设置为-1时,ToString()
        //方法内会自动去掉":Port"的项
        builder.Port = -1;
        url = builder.ToString();
    }
    return new RedirectResult(url);
}