ASPNet Core checks whether current connection is secured

using APS.net Core to mark all website pages working with https protocol
we will do this using IAuthorizationFilter.
and here is an example how we can do it.
/// <summary>
    /// Represents a filter attribute that checks whether current connection is secured and properly redirect if necessary
    /// </summary>
    public class HttpsRequirementAttribute : TypeFilterAttribute
    {
        #region Fields

        private readonly SslRequirement _sslRequirement;

        #endregion

        #region Ctor

        /// <summary>
        /// Create instance of the filter attribute
        /// </summary>
        /// <param name="sslRequirement">Whether the page should be secured</param>
        public HttpsRequirementAttribute(SslRequirement sslRequirement) : base(typeof(HttpsRequirementFilter))
        {
            this._sslRequirement = sslRequirement;
            this.Arguments = new object[] { sslRequirement };
        }

        #endregion

        #region Properties

        /// <summary>
        /// Gets a value indicating whether the page should be secured
        /// </summary>
        public SslRequirement SslRequirement => _sslRequirement;

        #endregion

        #region Nested filter

        /// <summary>
        /// Represents a filter confirming that checks whether current connection is secured and properly redirect if necessary
        /// </summary>
        private class HttpsRequirementFilter : IAuthorizationFilter
        {
            #region Fields

            private SslRequirement _sslRequirement;
            private readonly WebsiteSettings _websiteSettings;
            private readonly IWebHelper _webHelper;
            private readonly SecuritySettings _securitySettings;

            #endregion

            #region Ctor

            public HttpsRequirementFilter(SslRequirement sslRequirement,
                WebsiteSettings websiteSettings,
                IWebHelper webHelper,
                SecuritySettings securitySettings)
            {
                this._sslRequirement = sslRequirement;
                this._websiteSettings = websiteSettings;
                this._webHelper = webHelper;
                this._securitySettings = securitySettings;
            }

            #endregion

            #region Utilities

            /// <summary>
            /// Check whether current connection is secured and properly redirect if necessary
            /// </summary>
            /// <param name="filterContext">Authorization filter context</param>
            /// <param name="useSsl">Whether the page should be secured</param>
            protected void RedirectRequest(AuthorizationFilterContext filterContext, bool useSsl)
            {
                //whether current connection is secured
                var currentConnectionSecured = _webHelper.IsCurrentConnectionSecured();

                //page should be secured, so redirect (permanent) to HTTPS version of page
                if (useSsl && !currentConnectionSecured && _websiteSettings.SslEnabled)
                    filterContext.Result = new RedirectResult(_webHelper.GetThisPageUrl(true, true), true);

                //page shouldn't be secured, so redirect (permanent) to HTTP version of page
                if (!useSsl && currentConnectionSecured)
                    filterContext.Result = new RedirectResult(_webHelper.GetThisPageUrl(true, false), true);
            }

            #endregion

            #region Methods

            /// <summary>
            /// Called early in the filter pipeline to confirm request is authorized
            /// </summary>
            /// <param name="filterContext">Authorization filter context</param>
            public void OnAuthorization(AuthorizationFilterContext filterContext)
            {
                if (filterContext == null)
                    throw new ArgumentNullException(nameof(filterContext));

                if (filterContext.HttpContext.Request == null)
                    return;

                //only in GET requests, otherwise the browser might not propagate the verb and request body correctly
                if (!filterContext.HttpContext.Request.Method.Equals(WebRequestMethods.Http.Get, StringComparison.InvariantCultureIgnoreCase))
                    return;

                if (!DataSettingsManager.DatabaseIsInstalled)
                    return;

                //check whether this filter has been overridden for the Action
                var actionFilter = filterContext.ActionDescriptor.FilterDescriptors
                    .Where(filterDescriptor => filterDescriptor.Scope == FilterScope.Action)
                    .Select(filterDescriptor => filterDescriptor.Filter).OfType<HttpsRequirementAttribute>().FirstOrDefault();

                var sslRequirement = actionFilter?.SslRequirement ?? _sslRequirement;

                //whether all pages will be forced to use SSL no matter of the passed value
                if (_securitySettings.ForceSslForAllPages)
                    sslRequirement = SslRequirement.Yes;

                switch (sslRequirement)
                {
                    case SslRequirement.Yes:
                        //redirect to HTTPS page
                        RedirectRequest(filterContext, true);
                        break;
                    case SslRequirement.No:
                        //redirect to HTTP page
                        RedirectRequest(filterContext, false);
                        break;
                    case SslRequirement.NoMatter:
                        //do nothing
                        break;
                    default:
                        throw new PasException("Not supported SslRequirement parameter");
                }
            }

            #endregion
        }

        #endregion
    }
this will do it.

Comments