Redirecting a loop using an SSL action filter in ASP.NET MVC

Question

Redirecting a loop using an SSL action filter in ASP.NET MVC

I use ActionFilter (see below) to determine if there is 1. the current controller / action requires SSL and 2. SSL is currently being used and redirected accordingly.

This works fine locally (using a dummy certificate in IIS 7), but as soon as I get it on the server, I get an error message indicating an infinite redirection loop.

Any ideas?

public class SslFilter : ActionFilterAttribute { public SslFilter(bool sslRequired) { SslRequired = sslRequired; } public bool SslRequired { get; set; } public override void OnActionExecuting(ActionExecutingContext filterContext) { HttpRequestBase req = filterContext.HttpContext.Request; HttpResponseBase res = filterContext.HttpContext.Response; var builder = new UriBuilder(req.Url); if (SslRequired && !req.IsSecureConnection) { builder.Scheme = Uri.UriSchemeHttps; builder.Port = 443; res.Redirect(builder.Uri.ToString()); } else if (!SslRequired && req.IsSecureConnection) { builder.Scheme = Uri.UriSchemeHttp; builder.Port = 80; res.Redirect(builder.Uri.ToString()); } base.OnActionExecuting(filterContext); } }

Firefox Error:

Page not redirecting correctly
Firefox has detected that the server redirects the request for this address in a way that will never be complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.

+3

ssl https asp.net-mvc action-filter

user280025 Feb 24 '10 at 3:45

source share

3 answers

Darin Dimitrov · Answer 1 · 2010-02-24T12:44:23+0000

Try redirecting more than MVCish:

 var builder = new UriBuilder(req.Url); if (SslRequired && !req.IsSecureConnection) { builder.Scheme = Uri.UriSchemeHttps; builder.Port = 443; filterContext.Result = new RedirectResult(builder.Uri.ToString()); filterContext.Cancel = true; } else if (!SslRequired && req.IsSecureConnection) { builder.Scheme = Uri.UriSchemeHttp; builder.Port = 80; filterContext.Result = new RedirectResult(builder.Uri.ToString()); filterContext.Cancel = true; } else { base.OnActionExecuting(filterContext); }

vradenburg · Answer 2 · 2010-12-09T15:16:57+0000

I had the same problem on the site I create and found that for some reason this was due to having a port number in the url. So, builder.Uri.ToString () was outputting http://domain.com:80/ or https://domain.com:443/ , which, as far as I know, should be fine, but we switched to using builder. Uri.AbsoluteUri and fixed the problem. Here is an example of our code ...

 UriBuilder __urlBuilder = new UriBuilder(__context.Request.Url); if (!HttpContext.Current.Request.Url.Scheme.Contains("https")) { if (this.Required == RequiredStates.Required) { __urlBuilder.Scheme = "https"; __urlBuilder.Port = 443; HttpContext.Current.Response.Redirect(__urlBuilder.Uri.AbsoluteUri, true); } } else { if (this.Required == RequiredStates.NotRequired) { __urlBuilder.Scheme = "http"; __urlBuilder.Port = 80; HttpContext.Current.Response.Redirect(__urlBuilder.Uri.AbsoluteUri, true); } }

Amit bagga · Answer 3 · 2011-05-30T07:41:41+0000

Verify the certificate installed on the server. Use the SSL configuration tool from MS to detect the problem. Most likely, the quotient is missing.

Redirecting a loop using an SSL action filter in ASP.NET MVC

More articles: