我有一个自定义 RequireHttps 操作过滤器。我登录并且我的网站是 https,但是当您在登录时输入 http 页面时,操作过滤器永远不会被击中。我知道这一点是因为我已经登录,但我不再看到它被记录了。我希望它获得它的原因是测试用户是否经过身份验证并执行 301 重定向到 SSL 中的同一页面,但它永远不会被命中。
Global.asax
kernel.BindFilter<UseHttpsFilter>(FilterScope.Action, 0)
.WhenActionMethodHas<UseHttpsAttribute>()
.WithConstructorArgumentFromActionAttribute<UseHttpsAttribute>("requireSecure", q => q.RequireSecure);
kernel.BindFilter<UseHttpsFilter>(FilterScope.Controller, 0)
.WhenActionMethodHas<UseHttpsAttribute>()
.WithConstructorArgumentFromControllerAttribute<UseHttpsAttribute>("requireSecure", q => q.RequireSecure);
UseHttpsAttribute.cs
namespace Site.Web.Attributes
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class UseHttpsAttribute : FilterAttribute
{
public bool RequireSecure { get; set; }
public UseHttpsAttribute(bool requireSecure)
{
RequireSecure = requireSecure;
}
}
public class UseHttpsFilter : ActionFilterAttribute
{
protected static readonly NLogLogger Logger = new NLogLogger();
public bool RequireSecure = false;
public UseHttpsFilter(bool requireSecure)
{
Logger.Debug("Use Https Constructor: " + requireSecure);
RequireSecure = requireSecure;
}
protected virtual void HandleNonHttpRequest(ActionExecutingContext filterContext)
{
if (string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
{
string url = "http://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url, true);
}
}
protected void HandleNonHttpsRequest(ActionExecutingContext filterContext)
{
if (string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
{
string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
filterContext.Result = new RedirectResult(url, true);
}
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
Logger.Debug("Use Https Authenticated: " + filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated);
if (filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated || HttpContext.Current.Session[Config.ViewData.MemberSession] != null)
{
RequireSecure = true;
}
Logger.Debug("Use Https Local: " + filterContext.RequestContext.HttpContext.Request.IsLocal);
if (filterContext.RequestContext.HttpContext.Request.IsLocal)
RequireSecure = false;
if (RequireSecure)
{
Logger.Debug("Use Https Secure Connection: " + filterContext.HttpContext.Request.IsSecureConnection);
if (!filterContext.HttpContext.Request.IsSecureConnection)
{
HandleNonHttpsRequest(filterContext);
}
}
}
public override void OnActionExecuted(ActionExecutedContext filterContext)
{
}
}
}
最佳答案
发现是因为第一次绑定(bind)有这个
.WhenActionMethodHas<UseHttpsAttribute>()
代替
.WhenControllerHas<UseHttpsAttribute>()
关于asp.net-mvc - ASP.NET MVC 4 中的每个请求都没有命中 ActionFilterAttribute,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13689648/