it:ad:patterns:secure_the_line_strategy

Differences

This shows you the differences between two versions of the page.


it:ad:patterns:secure_the_line_strategy [2023/11/04 03:29] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +# IT:AD:Patterns:Secure the Line Strategy #
 +
 +
 +
 +<callout type="Navigation" class="small">
 +
 +* [[../|(UP)]]
 +{{indexmenu>.#2|nsort tsort}}
 +
 +
 +</callout>
 +
 +
 +## Summary ##
 +
 +Using [[IT/#HTTPS/]] is only a first line of defense (it does not provide end to end encryption -- only front server to front server encryption) but it is a good start.
 +
 +
 +
 +## Process ##
 +
 +Therefore it's useful to have a way to ensure that all communications with the server are over HTTPS.
 +
 +
 +### MVC ###
 +
 +
 +#### Using an Attribute Over the Action ###
 +
 +
 +<sxh csharp>
 +using System;
 +using System.Linq;
 +using System.Net.Http;
 +using System.Web.Http.Filters;
 +using System.Web.Http.Controllers;
 + 
 +namespace WebAPI
 +{
 + public class CustomHttpsAttribute : ActionFilterAttribute
 + {
 +  public override void OnActionExecuting(HttpActionContext actionContext)
 +  {
 +   if (!String.Equals(actionContext.Request.RequestUri.Scheme, "https", StringComparison.OrdinalIgnoreCase))
 +   {
 +    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
 +    {
 +     Content = new StringContent("HTTPS Required")
 +    };
 +    return;
 +   }
 +  }
 + }
 +}
 +</sxh>
 +
 +
 +
 +## References
 +
 +* http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
 +
 +
 +