0

I am currently working on an asp.net mvc app. I am currently working on a log in feature, my aim is to somehow implement SSL so that I can send the password in plain text to the sever to be hashed there. In my controller Ive added the requireshttps attribute to the login action result:

[RequireHttps]//Enforcing SSL in a Web API Controller
    public ActionResult Login()
    {
        return View();
    }

Currently it does nothing and the page should just displays a form, but I will later add the functionality to get the data from the form to the controller (most likely via an ajax call).

However now I've added this attribute i cannot load the login webpage. I then found this tutorial and followed the instructions with IIS manager: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

Now I get this screen when I try to access the page:

enter image description here

I know that I am most likely making an obvious mistake as this is my first encounter with SSL and IIS, Any ideas?

Heres a screenshot of my IIS manager: enter image description here

Improve this question
9
  • Check your IIS site binding and make sure it has a port 443 (https) binding. Commented Apr 25, 2014 at 19:03
  • @WeTTTT added a screenshot of my IIS management I assume that is correct? Commented Apr 25, 2014 at 19:19
  • You've added an SSL Cert to your IIS server and Visual Studio is deploying content there or are you running it in Visual Studio? Commented Apr 25, 2014 at 19:24
  • IIS doesn't route this request to web api. Rather, it thinks it is a static file (see the message on the image). Make sure web config contains mvc mappings for extensionless uris. Commented Apr 25, 2014 at 19:25
  • @ErikPhilips I am debuggin in visual studio but testing on different browsers Commented Apr 25, 2014 at 19:27

1 Answer 1

Reset to default
0

The Solution that is currently working is one from this question: ASP.NET MVC: How to automatically disable [RequireHttps] on localhost?

So I added the same code:

    public class RequireSSLAttribute : FilterAttribute, IAuthorizationFilter
{
    public virtual void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        if (!filterContext.HttpContext.Request.IsSecureConnection)
        {
            HandleNonHttpsRequest(filterContext);
        }
    }

    protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.Request.Url.Host.Contains("localhost")) return;

        if (!String.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            throw new InvalidOperationException("The requested resource can only be accessed via SSL");
        }

        string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
        filterContext.Result = new RedirectResult(url);
    }
}

And now it will work fine when I am testing on localhost. Though what happens if this site is hosted? Would SSL work?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If this is the localhost domain that caused the issue then most probably the actual non-localhost domain name would cause no issues.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.