我有一个使用Angular (6)和Windows身份验证的.net Web API应用程序。两者都部署到具有有效SSL证书的同一开发Web服务器上。
我试图在我的所有页面上强制进行http to https重定向。我已处理好Web API的一面-所有的/api路径都可以通过Kudvenkat的简单教程http://csharp-video-tutorials.blogspot.com/2016/09/aspnet-web-api-enable-https.html
https
创建一个 RequireHttpsAttribute.cs 类:
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace api
{
public class RequireHttpsAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
actionContext.Response = actionContext.Request
.CreateResponse(HttpStatusCode.Found);
actionContext.Response.Content = new StringContent
("<p>Use https instead of http</p>", Encoding.UTF8, "text/html");
UriBuilder uriBuilder = new UriBuilder(actionContext.Request.RequestUri);
uriBuilder.Scheme = Uri.UriSchemeHttps;
uriBuilder.Port = 443;
actionContext.Response.Headers.Location = uriBuilder.Uri;
}
else
{
base.OnAuthorization(actionContext);
}
}
}
}
WebApiConfig.cs:
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new RequireHttpsAttribute());
}
但是就Angular路由(看起来不像https://myurl.com/api而是看起来像https://myurl.com/index.html#的路由)而言,我无法使它们重定向到https。必须同时在http to https代码和Web API代码中同时指定Angular重定向吗?
如果没有,也许我们需要将Web服务器配置为仅使用https?
答案 0 :(得分:1)
我通过在web.config中使用URL重写来做到这一点,如下所示:
<system.webServer>
<rewrite>
<rules>
<rule name="HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
这应该同时处理WebApi和MVC / HTML / etc。