使用相对 URL 切换到 SSL

发布于 2024-08-13 17:35:01 字数 322 浏览 7 评论 0原文

我想创建一个相对链接,将当前协议从 http 切换到 https。我工作的最后一个地方在服务器上设置了一些东西,以便您可以实现这一点,但我不太记得它,而且我从来不知道它是如何工作的。

这样做的理由是,我不需要在需要在生产和开发环境之间移动的文件中硬编码服务器名称。

有没有办法让它在 IIS 6.0 中工作?


编辑:

我正在使用.NET,但我创建的“链接”不会动态生成。如果您确实想要详细信息,我在 Umbraco 中使用重定向宏,需要传入 URL。

I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.

The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.

Is there a way for this to work in IIS 6.0?


Edit:

I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

快乐很简单 2024-08-20 17:35:01

下面是 VB.NET 中的一个简单解决方案:

Imports System.Web.HttpContext

Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub

用法:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

您可以将其添加到每个页面的 Page_Load 中。或者,您可以像我一样执行一些操作,创建要在 global.asax 中保护的文件夹或页面列表,并在 Application_BeginRequest 方法中相应地设置 SSL。这将适用于相对链接,并且页面的 HTTP 或 HTTPS 状态将始终是您在代码中指定的状态。

我在几个网站上都有这个代码。但举个例子,如果您访问 https://www.techinsurance.com 您会自动注意到它重定向到 http,因为主页不需要保护。如果您尝试访问需要保护的页面,例如 http:// /www.techinsurance.com/quote/login.aspx

您可能会注意到我正在使用 301(永久)重定向。这里的附带好处是搜索引擎将根据 301 重定向代码更新其索引。

Here's a simple solution in VB.NET:

Imports System.Web.HttpContext

Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub

Usage:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.

I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx

You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.

冷夜 2024-08-20 17:35:01

您使用哪种语言/框架?

您应该能够创建自己的函数,在其中传递相关页面,并从 HttpRequest 对象和 Server 对象(同样取决于语言或框架)推断出主机和 URL 是什么,然后只需重定向到该函数URL,但以 https 作为前缀。

Which language/framework are you using?

You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.

寂寞花火° 2024-08-20 17:35:01

这是一篇很好的 CodeProject 文章,介绍了通过指定某些目录和您想要使用 SSL 的文件。它会根据您的需要自动在 https 之间切换。

我已经在一个项目中使用了它,效果非常好。

Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.

I've use this for a project, and it works really well.

驱逐舰岛风号 2024-08-20 17:35:01

这与我给出的答案相同这里

是的,可以。我推荐这个免费的开源 DLL,它可以让您指定哪些页面和文件夹需要 SSL,哪些不需要:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

因此,您可以在 web.config 中设置一个安全页面,如下所示:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>

This is the same answer I gave here:

Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

So you can setup a page to be secure in your web.config like this:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>
沩ん囻菔务 2024-08-20 17:35:01

我们最终购买了 ISAPI Rewrite,以便在 Web 服务器级别对某些 URL 执行重定向。这并不是我提出问题时想要的答案,但这对我们有用。

We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文