IIS7配置SSL/https

view SSL binding configuration stored in HTTP.sys:

netsh http show sslcert

在某一站点上启用SSL:

C:\Windows\system32\inetsrv>appcmd set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:[Ssl | SslNegotiateCert | SslRequireCert | Ssl128 | None]

-sslFlags的值要注意大小写

然后iis服务器里设置证书，再给站点做https的bindings，SSL Certificate选刚才建立的证书。

 

asp.net mvc 使用 SSL / https

首先注意到是，https在没有通过验证时，http的status code要返回：

403.4 - SSL required.

403.5 - SSL 128 required

Disable the Require secure channel option, or use HTTPS instead of HTTP to access the page. If you receive this error for a Web site that does not have a certificate installed, click the article number below to view the article in the Microsoft Knowledge Base:

IIS HTTP Status Code

我们可以创建Filter来完成验证工作：

 1 /// <summary>
 2     /// 提供安全连接的attribute
 3     /// </summary>
 4     public class RequireSSLBaseAttribute : ActionFilterAttribute
 5     {
 6         public bool IsRequireSSL { get; set; }
 7 
 8         /// <summary>
 9         /// 默认构造函数
10         /// </summary>
11         /// <remarks>
12         /// 只要添加该attribute就认为需要SSL
13         /// </remarks>
14         public RequireSSLBaseAttribute()
15         {
16             IsRequireSSL = true;
17         }
18 
19         /// <summary>
20         /// 设置初始是否需要ssl
21         /// </summary>
22         /// <param name="isRequire">是否设置为使用SSL</param>
23         public RequireSSLBaseAttribute(bool isRequire)
24         {
25             IsRequireSSL = isRequire;
26         }
27 
28         public override void OnActionExecuting(ActionExecutingContext filterContext)
29         {
30             if (this.IsRequireSSL /*如果需要SSL*/ && 
31                 !filterContext.HttpContext.Request.IsSecureConnection)
33             {
34                 //调用MakeActionResult()函数
35                 filterContext.Result = MakeActionResult(filterContext.HttpContext);
36             }
37         }
38 
39         /// <summary>
40         /// 默认的执行处理的方式
41         /// </summary>
42         /// <param name="httpContext">HttpContext</param>
43         /// <returns>返回ActionResult</returns>
44         protected virtual ActionResult MakeActionResult(HttpContextBase httpContext)
45         {
46             return new SSLUnauthorizedResult();
47         }
48     }

配合做一个SSL未验证的ActionResult:

 

 1 /// <summary>
 2 /// 返回ssl的错误状态值的Result
 3 /// </summary>
 4 public class SSLUnauthorizedResult : ActionResult
 5 {
 6     public override void ExecuteResult(ControllerContext context)
 7     {
 8         if (context == null)
 9         {
10             throw new ArgumentNullException("context");
11         }
12 
13         //SSL是403.4, SSL128是403.5
14         context.HttpContext.Response.StatusCode = 403;
15         context.HttpContext.Response.SubStatusCode = 4;
16     }
17 }

如果想在访问http://url/的时候跳转到https://url/可以这样继承一个:

 1protected override ActionResult BuildActionResult(HttpContextBase httpContext)
 2{
 3    //TODO: uri
 4    //获取当前请求的url并将开头的http转换为https://
 5    var url = httpContext.Request.Url.AbsoluteUri.ToString();
 6    if(httpContext.Request.Url.Scheme.Equals("http", StringComparison.InvariantCultureIgnoreCase))
 7    {
 8        var builder = new UriBuilder(httpContext.Request.Url.AbsoluteUri);
 9        //将Scheme换成https
10        builder.Scheme = "https";
11        //这里需要将Port设置为-1,因为UriBuilder并没有创建新的uri,所以
12        //如果从http过来的url在这里Port会保留80. 设置为-1时,ToString()
13        //方法内会自动去掉":Port"的项
14        builder.Port = -1;
15        url = builder.ToString();
16    }
17    return new RedirectResult(url);
18}