I have an MVC app that is working fine, but I now want to add in an SSL site to the app.
This is a separate site in IIS, with the SSL certificate, but for re-use, I'm just pointing the SSL site to the same directory as the regular site.
What I'd like to do now, is direct the user to a certain controller (payment) if they come in on the secure url. Otherwise, they can continue on as they were.
What is the best way to do this?
Routing? Filters? Custom BaseController?
How can I ensure that no matter what route they try, if their Request.Url.Host is my secure url, then they'll get redirected. In the future if I add new controllers and actions, I don't want to have to put this in every controller.
Is there a way, application wide, that I can tell all controllers to redirect if a certain url is found?
Decorate your method with:
[RequireSsl(Redirect = true)]
[RequireHttps] is now part of ASP.NET MVC 2
Related
I am new in MVC, I have a list of url redirection:
•website1.domain.com goes to domain.com\websites\1
•website2.domain.com goes to domain.com\websites\2
This is a dynamic mapping like this: websiteN.domain.com goes to domain.com\websites\N
How can I do this in MVC, Do I need to use routing? or I need only URL redirection?
This is a duplicate question.
Everything you need can be done in IIS.
please visit this Stack link:
handling sub-domains in IIS for a web application
(same user asked this question and reposted How can we make an ASP.NET MVC4 route based on a subdomain?)
you can get more detailed information:
http://www.dotnetexpertguide.com/2012/04/aspnet-iis-dns-records-sub-domain-on.html
http://content.websitegear.com/article/subdomain_setup.htm
I've had a similar situation where I needed to make sure that the language code was in the url.
My solution was to write an http module. You'll want this module to inspect the request and see what subdomain the request is under. If it is a subdomain, then you'll want to redirect them to the correct directory under domain.com
I currently have an intranet site that is accessed by external customers. I therefore set this up using Forms Authentication. However the powers that be (my bosses) want all our domain users to not have to enter their username and password to access the site.
I've done a bit or reading and everything seems to point to setting up a WinLogin.aspx page that you alter to use WindowAuthenthication and then redirect from there.
I have a problem with this as I don't like the idea of putting an aspx form in my mvc application.
Can anyone tell me how to achieve mixed authentication using a strictly MVC Controller/Action setup without a second application?
NOTES: running MVC 3 on an IIS 7 box.
Forms Authentication is not related to the URL or physical structure of your files. What matters is that a URL should ultimately map to a physical (or virtual) resource on the server, and be processed, and be returned back to the user.
Thus, somewhere in between for each incoming call (each HTTP request, even those for CSS and JavaScript files), you have to see if the current user has enough permission to access it or not. If no, then you might redirect him to the login page.
If you want, you can have a URL like /user/windowslogin where user is the name of the controller, and windowslogin is the name of your action method. Then you can create a custom authentication attribute (something like [WindowsAuthentication]) on your windowslogin action, and in that attribute (which is an MVC filter in essence), you can see if the current request comes from within your domain, and if so, talk to Active Directory for authentication or stuff like that, and on case of successful authentication, create an authentication cookie using FormsAuthentication class, and the rest of the story.
However, I don't think this would be an easy task. Others might introduce better solutions.
I am testing RSA secureID(Token) to use for security in my asp.net mvc project.
It protects the url that i assigned and it will prompt to insert
UserName and password when we browse that url.
For eg,if we assigned **Http://SamlpleApp/Sales/main.aspx** to protect,
RSA will prompt to set username and password when we browse it.
That one is working properly in normal asp.net projects.
But,i don't know
how to use in my asp.net mvc prj,i want to protect one view,physical
address may be **Http://SampleApp/Views/Sales/Index.aspx** ,but we have to call the
controller index action first and that wil redirect to view in mvc.
So,is it possible
to get physical url of view like "Http://SampleApp/Views/Sales/Index.aspx"
when we browse controller action? I mean i want to get that url when we call
controller action.
Please give me the the right way.
Best Regards,
Indi
It's not possible to go directly to the view. If you look in the web.config file in your Views directory, you will notice it blocks all requests.
If you want to secure a page you have to do it by securing the controller or the action by using the authorize attribute (or implement your own authorisation).
How would you go about redirecting in ASP.NET MVC to take into account some external URL rewriting rules.
For example:
What the user enters: http://www.example.com/app/route
What ASP.NET MVC sees: /route
What I want to redirect to: http://www.example.com/app/other_route
What actually happens when I do a simple RedirectToAction: http://www.example.com/other_route (which doesn't exist, from the outside anyway)
This seems like it should be simple, but I'm drawing a blank.
Just use
RedirectToAction("NewAction", "Controller-Required-If-Diferent-From-Current-Controller");
Anybody got any experience in mapping a domain to an MVC area?
Here's our situation:
Old system (still active but will soon redirect to new store):
www.example.com - our main site where we send traffic
store.example.com - our store site which is a completely separate site that is indexed in google
New system:
www.example.com - same site as before
www.example.com/store - new store site - built in an ASP.NET MVC area
Because store is a separate domain google gives it a separate entry in the search results. I'd like to keep this benefit in future but wondering whether or not there is a good way to map a domain (store.example.com) to the MVC area or if its just going to be more trouble than its worth.
PS. I'm not trying to keep existing indexing - its a completely separate store so thats not possible. I just want to redirect to the corresponding page in the new store. I'm just trying not to lose the benefit of two domains for SEO purposes.
I would use URL Rewriting, either in ASP.NET or in IIS7 Application and Request Routing (ARR) to change incoming requests for store.example.com/... to example.com/store/....
MVC will have no issue with this - it doesn't get to see anything but the new URL and it will generate links only for the new layout.
Other alternatives:
Create a website for the store.example.com that just does a wildcard 301 redirect for each page to the corresponding page on the new site.
If the URLs don't overlap at all, point the old domain to the new MVC site and add duplicate routes for each action, e.g. shop.example.com/info.aspx?item27 might have a route "/info.aspx/{pathinfo*}" ... which loads an Action that knows how to handle the old URL parameters and can do a Redirect to the new Action.
I have sites where there are many URLs mapped onto the same Action - in fact, every legacy URL that has ever been used for a page still works today, including even the old .ASPX URLs which are now served up by an MVC Action. Some legacy URLs are dealt with using a 301 response, others which legitimately have duplicate content on the site are handled as normal but the page also includes a canonical URL to point out which one is the preferred URL.