我在做一个网站,要使用SSL,我发现像PaiPai.com等网站,任意页面,如果使用http访问,都会自动跳到https,这是怎么实现的?
用客户端JS或者服务器Response.Redirect肯定不行。因为我所有页面都要求使用SSL访问。用Http是访问不了的。
我觉得应该是要接管Http Module来实现,但具体怎么做就不清楚了,麻烦哪位大侠说说。
用客户端JS或者服务器Response.Redirect肯定不行。因为我所有页面都要求使用SSL访问。用Http是访问不了的。
我觉得应该是要接管Http Module来实现,但具体怎么做就不清楚了,麻烦哪位大侠说说。
这样吧
<P>First, we define a custom configuration class so we can place our URL base
strings into web.config:</P>
<DIV class=precollapse id=premain0 style="WIDTH: 100%"><IMG id=preimg0
style="CURSOR: hand" height=9 src="http://www.codeproject.com/images/minus.gif"
width=9 preid="0"> Collapse</DIV><PRE lang=cs id=pre0 style="MARGIN-TOP: 0px">using System;
using System.Configuration;
namespace AA.switchprotocol
{
public class SwitchProtocolSection : ConfigurationSection
{
[ConfigurationProperty("urls", IsRequired = true)]
public UrlsFormElement Urls
{
get { return (UrlsFormElement)base["urls"]; }
}
}
public class UrlsFormElement : ConfigurationElement
{
[ConfigurationProperty("baseUrl", IsRequired = true)]
public string BaseUrl
{
get { return (string)base["baseUrl"]; }
}
[ConfigurationProperty("baseSecureUrl", IsRequired = true)]
public string BaseSecureUrl
{
get { return (string)base["baseSecureUrl"]; }
}
}
}</PRE>
<configuration>
<configSections>
<section
name="SwitchProtocol"
type="AA.switchprotocol.SwitchProtocolSection, __code"/>
</configSections>
<SwitchProtocol>
<urls baseUrl="http://localhost"
baseSecureUrl="https://localhost" />
</SwitchProtocol>
<system.web>
<compilation debug="false"/>
</system.web>
<P>Next, define a simple accessor to the confiuration settings:</P><PRE lang=cs>using System;
using System.Web.Configuration;
namespace AA.switchprotocol
{
public static class Globals
{
public readonly static SwitchProtocolSection Settings =
(SwitchProtocolSection)WebConfigurationManager.
GetSection("SwitchProtocol");
}
}</PRE>
<P>Implement a base page class with custom redirect logic:</P>
<DIV class=precollapse id=premain3 style="WIDTH: 100%"><IMG id=preimg3
style="CURSOR: hand" height=9 src="http://www.codeproject.com/images/minus.gif"
width=9 preid="3"> Collapse</DIV><PRE lang=cs id=pre3 style="MARGIN-TOP: 0px">using System;
namespace AA.switchprotocol.UI
{
public class BasePage : System.Web.UI.Page
{
protected override void OnLoad(EventArgs e)
{
string scheme = Request.Url.Scheme;
if (_issecure)
{
if (scheme != "https")
{
Response.Redirect(
Globals.Settings.Urls.BaseSecureUrl +
Request.RawUrl);
}
}
else
{
if (scheme != "http")
{
string to = Globals.Settings.Urls.BaseUrl +
Server.UrlEncode(Request.RawUrl);
Server.Transfer("~/Tranz.aspx?to=" + to);
}
}
base.OnLoad(e);
}
private bool _issecure = false;
protected bool IsSecure {
get { return _issecure; }
set{ _issecure = value; }
}
}
}</PRE>
<P>Implement Tranz.aspx, which takes care of the script-block redirect:</P><PRE lang=aspnet><%@ Page Language="C#" Theme="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
_to = Server.UrlDecode(Request.QueryString["to"]);
}
private string _to;
protected void js()
{
Response.Write("window.location.replace(\"" + _to + "\");");
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<script type="text/javascript" language="JavaScript">
<!--
<% js(); %>
-->
</script>
<title></title></head><body></body>
</html></PRE>
<P>Implement a base page which defaults to secure:</P><PRE lang=cs>using System;
namespace AA.switchprotocol.UI
{
public class SecurePage : BasePage
{
protected override void OnLoad(EventArgs e)
{
IsSecure = true;
base.OnLoad(e);
}
}
}</PRE>
sorry, i can not find the former one URL hope it helps
但是如果要在iis下用https,你需要申请一个数字证书
Request.IsSecureConnection = true;否则的话 自己改请求
{
#region IHttpModule Members public void Dispose()
{
throw new Exception("The method or operation is not implemented.");
} public void Init(HttpApplication context)
{ if (context.Request.IsAuthenticated == false)
{
context.Response.Redirect("https://xxxxx",true);
}
} #endregion
}如果某些页面不需要 https 挑砖 请在
加入 不需要挑砖的URL判断 用xml 文件隐射下就好
if (context.Request.IsAuthenticated == false)
Switching Between HTTP and HTTPS Automatically: Version 2
http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp
比星星贴的那个方法一要更方便。使用方法很简单,源码载下来,编译成DLL,在项目里添加引用就可以。
然后在Web.Config里加上一些东西就可以了:
<configSections>
<section name="secureWebPages" type="Ventaur.Web.Security.Configuration.SecureWebPageSettings, WebPageSecurity"/>
</configSections><!--安全设置,mode可以为On,Off,RemoteOnly 意义与CustomerError相同-->
<secureWebPages mode="Off" ignoreHandlers="WithStandardExtensions" warningBypassMode="AlwaysBypass" >
<files>
<add path="Default.aspx" secure="Ignore" />
<add path="Login.aspx" />
</files>
<directories>
<add path="/" recurse="False" />
<add path="Account" recurse="True" />
<add path="Help" secure="Insecure" />
</directories>
</secureWebPages><system.web>
<httpModules>
<add name="WebPageSecurity" type="Ventaur.Web.Security.SecureWebPageModule, WebPageSecurity" />
</system.web>
</httpModules>更具体的说明请看原文。