IT:AD:Patterns:Secure the Line Strategy
Summary
Using HTTPS is only a first line of defense (it does not provide end-to-end encryption, only front server to front server encryption), but it is a good start.
Process
Therefore it's useful to have a way to ensure that all communications with the server are over HTTPS.
MVC
Using an Attribute Over the Action
using System;
using System.Linq;
using System.Net.Http;
using System.Web.Http.Filters;
using System.Web.Http.Controllers;

namespace WebAPI
{
    // Action filter that rejects any request that did not arrive over HTTPS.
    public class CustomHttpsAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Compare the request URI scheme case-insensitively against "https".
            if (!String.Equals(actionContext.Request.RequestUri.Scheme, "https", StringComparison.OrdinalIgnoreCase))
            {
                // Setting Response here short-circuits the pipeline: the action never runs.
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
                {
                    Content = new StringContent("HTTPS Required")
                };
                return;
            }
        }
    }
}
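The attribute above only protects the actions it is placed on. As an added example (not code from the original page), the sketch below goes one step further and applies the same check to every request with an ASP.NET Web API message handler, and also sets a Strict-Transport-Security header on HTTPS responses. The names RequireHttpsHandler and WebApiConfig and the one-year max-age are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

namespace WebAPI
{
    // Hypothetical name: rejects every non-HTTPS request before routing,
    // so an action that lacks [CustomHttps] is still covered.
    public class RequireHttpsHandler : DelegatingHandler
    {
        protected override async Task<HttpResponseMessage> SendAsync(
            HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (!String.Equals(request.RequestUri.Scheme, Uri.UriSchemeHttps,
                               StringComparison.OrdinalIgnoreCase))
            {
                // Same status and body as CustomHttpsAttribute on this page.
                return new HttpResponseMessage(HttpStatusCode.BadRequest)
                {
                    Content = new StringContent("HTTPS Required"),
                    RequestMessage = request
                };
            }

            HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
            // HSTS: asks browsers to use HTTPS only for this host (assumed: one year).
            response.Headers.Add("Strict-Transport-Security", "max-age=31536000");
            return response;
        }
    }

    // Assumed startup class, following the usual Web API project layout.
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            config.MessageHandlers.Add(new RequireHttpsHandler()); // covers all routes
            // Alternative: register the page's attribute as a global filter instead.
            // config.Filters.Add(new CustomHttpsAttribute());
            config.MapHttpAttributeRoutes();
        }
    }
}
```

If TLS is terminated on a front server, the scheme seen by the application may be http even for requests the client sent over HTTPS, so the check has to run where the original scheme is visible.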