IT:AD:Patterns:Secure the Line Strategy

Using HTTPS/ is only a first line of defense (it does not provide end to end encryption – only front server to front server encryption) but it is a good start.

Therefore it's useful to have a way to ensure that all communications with the server are over HTTPS.

MVC

Using an Attribute Over the Action

using System;
using System.Linq;
using System.Net.Http;
using System.Web.Http.Filters;
using System.Web.Http.Controllers;
 
namespace WebAPI
{
 public class CustomHttpsAttribute : ActionFilterAttribute
 {
  public override void OnActionExecuting(HttpActionContext actionContext)
  {
   if (!String.Equals(actionContext.Request.RequestUri.Scheme, "https", StringComparison.OrdinalIgnoreCase))
   {
    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
    {
     Content = new StringContent("HTTPS Required")
    };
    return;
   }
  }
 }
}