0
有人可以验证这段代码的完整性吗?我想用它来装饰控制器,以便它将URL规范化为https和/或www。这是我的代码的第二再写入,因为第一个抛出自己变成一个无限的重定向,但不知何故,我仍然认为这是不太有...提前ASP.NET MVC(2)NormalizeUrl动作筛选器属性(C#)
public class NormalizeUrl : ActionFilterAttribute {
private bool ForceHttps = false;
private bool ForceWww = false;
public NormalizeUrl() {
}
public NormalizeUrl(
bool ForceHttps,
bool ForceWww) {
this.ForceHttps = ForceHttps;
this.ForceWww = ForceWww;
}
public override void OnActionExecuting(
ActionExecutingContext Context) {
HttpRequestBase Request = Context.HttpContext.Request;
HttpResponseBase Response = Context.HttpContext.Response;
if (!Request.IsLocal) {
Uri Uri;
if (!Request.IsSecureConnection && ForceHttps) {
if (ForceWww) {
Uri = new Uri(Uri.UriSchemeHttps + "://www." + Request.Url.Host.Replace("www.", string.Empty) + "/" + Request.Url.AbsolutePath);
} else {
Uri = new Uri(Uri.UriSchemeHttps + "://" + Request.Url.Host.Replace("www.", string.Empty) + "/" + Request.Url.AbsolutePath);
};
} else if (!ForceHttps) {
if (ForceWww) {
Uri = new Uri(Uri.UriSchemeHttp + "://www." + Request.Url.Host.Replace("www.", string.Empty) + "/" + Request.Url.AbsolutePath);
} else {
Uri = Request.Url;
};
} else {
Uri = Request.Url;
};
Response.RedirectPermanent(Uri.AbsoluteUri, true);
};
}
}
谢谢!
您是否在寻找一个安全评估? – 2010-08-04 21:31:15
不,我正在寻找一个验证(或有关改进的建议),如果代码将按照我想要的那样进行,即将http:// domain.com转换为A)'http://www.domain.com',B)'https:// domain.com'或者C)'https:// www.domain.com',基于控制器装饰传入的参数。 – Gup3rSuR4c 2010-08-04 21:39:52