Custom Attributes in MVC

In web development it is often necessary to serve certain pages over HTTPS while the others use plain HTTP. In the past, this was achieved by configuring URL rewriting in IIS. But if you are developing your web application in ASP.NET MVC, it is a lot easier to implement. Believe me!

This article describes how to make certain pages accessible over the HTTPS protocol while the others use plain HTTP.

Scenario:
Let us take the example of a web site where the login page needs to be accessed over Secure Sockets Layer (SSL, i.e. HTTPS), while after logging in the rest of the site should run on normal HTTP. Assume that this web application is to be developed using ASP.NET MVC.

Solution:
Many of you may already be aware of attributes and custom attributes. Attributes provide a powerful method of associating declarative information with C# code (types, methods, properties, and so forth). Once associated with a program entity, the attribute can be queried at run time and used in any number of ways. ASP.NET MVC provides many built-in attributes which are ready to use. However, you can extend or enhance the functionality by defining your own custom attributes. This blog highlights the usage of a ready-to-use attribute as well as a custom attribute.

Okay, enough theory! Now let's jump into actual implementation.

Let’s assume we have a web application which has a Login page and a Home page. The Login page asks you to provide user credentials, validates them, and brings you to the Home page if you're an authorized user. Because user credentials are very sensitive in nature, the Login page is required to run on the HTTPS protocol.

To start with, open Visual Studio and create a new project. Select Visual C# / Web templates and then select ASP.NET MVC 4 Web Application. Give an appropriate name to the project (e.g. SslDemo).
Select "Internet application" from the project template dialog box.

This will create a new MVC web application with Account, Home and Contact controllers and the related views, scripts and other files.

Using a built-in attribute:

We will use one of the built-in attributes, "RequireHttps", for the Account controller. This attribute specifies that the controller's action methods should run on SSL (HTTPS).

Open "AccountController" and decorate the class with the "RequireHttps" attribute above the class definition. This signifies that all the action methods of the Account controller should run on HTTPS.
  using System.Web.Mvc;

  // Every action of this controller is served over HTTPS only
  [RequireHttps]
  public class AccountController : Controller
  {
      public ActionResult LogOn()
      {
         return this.View();
      }
  }



Custom attributes:
We will create a custom attribute called "DoNotRequireSSL" which denotes that the page/action method needs to run on HTTP rather than HTTPS.

To do so, create a new class under the "Attributes" folder as shown below:
using System;
using System.Web.Mvc;

public sealed class DoNotRequireSSLAttribute : ActionFilterAttribute
{
  // Runs before the action method is executed
  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
      if (filterContext != null)
      {
          var request = filterContext.HttpContext.Request;
          var response = filterContext.HttpContext.Response;

          // check for SSL (requests from the local machine are left alone)
          if (request.IsSecureConnection && !request.IsLocal && request.Url != null)
          {
               // Change only the scheme: a plain string Replace would also rewrite
               // any other "https:" that appears in the URL.
               // Port = -1 selects the default port of the new scheme (80).
               var builder = new UriBuilder(request.Url) { Scheme = Uri.UriSchemeHttp, Port = -1 };
               string redirectUrl = builder.Uri.AbsoluteUri;
               response.Redirect(redirectUrl);
          }
          base.OnActionExecuting(filterContext);
       }
  }
}



That’s it! The above attribute contains all the logic to redirect to the HTTP page whenever it encounters an HTTPS request. This attribute is called before an action method is executed. It grabs the request and response from the context and checks the request type, i.e. that it is secure and non-local. It then replaces the "https" scheme of the URL with "http" and redirects to the resulting URL.

All you need to do is decorate your class/action method with this attribute.
Ex.
// Every action of this controller is redirected to plain HTTP
[DoNotRequireSSL]
public class HomeController : Controller
{
      public ActionResult Index()
      {
         return this.View();
      }
}


Please note that you need to configure your web site in IIS to run on HTTPS.
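Because attributes can be queried at run time, as described in the Solution section, the same mechanism can be used to check which actions ended up under which transport rule. The following is an added example, not code from the original article: `TransportAudit` and `Describe` are hypothetical names, and it assumes the `DoNotRequireSSLAttribute` class above is in the same project. It only looks at attributes on controllers and actions, not at globally registered filters.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Web.Mvc;

// Added example: hypothetical helper, not part of the article's project.
public static class TransportAudit
{
    // Returns one line per action method: "Controller.Action -> rule".
    public static IEnumerable<string> Describe(Assembly webAssembly)
    {
        var controllers = webAssembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(Controller).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // Public instance methods that are not property accessors, not
            // inherited from Controller/ControllerBase/object, and not [NonAction].
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance)
                .Where(m => !m.IsSpecialName
                         && !m.GetBaseDefinition().DeclaringType.IsAssignableFrom(typeof(Controller))
                         && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (var action in actions)
            {
                bool https = Has<RequireHttpsAttribute>(action, controller);
                bool http = Has<DoNotRequireSSLAttribute>(action, controller);

                // Both attributes on one action redirect to each other endlessly.
                string rule = https && http ? "CONFLICT (both attributes)"
                            : https ? "HTTPS"
                            : http ? "HTTP"
                            : "unspecified";

                yield return controller.Name + "." + action.Name + " -> " + rule;
            }
        }
    }

    // An attribute placed on the controller applies to each of its actions.
    private static bool Has<T>(MethodInfo action, Type controller) where T : Attribute
    {
        return action.IsDefined(typeof(T), true) || controller.IsDefined(typeof(T), true);
    }
}
```

Calling `TransportAudit.Describe(typeof(HomeController).Assembly)` from a unit test or at start-up lists every action, so a credential-handling action reported as "HTTP" or "unspecified" stands out.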




Comments

Unknown said…
It was a great post.
Unknown said…
That's a great post
