Differences

This shows you the differences between two versions of the page.

Link to this comparison view

it:ad:patterns:secure_the_line_strategy [2019/03/24 12:17] (current)
Line 1: Line 1:
 +# IT:​AD:​Patterns:​Secure the Line Strategy #
 +
 +
 +
 +<callout type="​Navigation"​ class="​small">​
 +* [[../​|(UP)]]
 +{{indexmenu>​.#​2|nsort tsort}}
 +
 +
 +</​callout>​
 +
 +
 +## Summary ##
 +
 +Using [[IT/#​HTTPS/​]] is only a first line of defense (it does not provide end to end encryption -- only front server to front server encryption) but it is a good start.
 +
 +
 +
 +## Process ##
 +
 +Therefore it's useful to have a way to ensure that all communications with the server are over HTTPS.
 +
 +
 +### MVC ###
 +
 +
 +#### Using an Attribute Over the Action ###
 +
 +
 +<sxh csharp>
 +using System;
 +using System.Linq;​
 +using System.Net.Http;​
 +using System.Web.Http.Filters;​
 +using System.Web.Http.Controllers;​
 + 
 +namespace WebAPI
 +{
 + ​public class CustomHttpsAttribute : ActionFilterAttribute
 + {
 +  public override void OnActionExecuting(HttpActionContext actionContext)
 +  {
 +   if (!String.Equals(actionContext.Request.RequestUri.Scheme,​ "​https",​ StringComparison.OrdinalIgnoreCase))
 +   {
 +    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
 +    {
 +     ​Content = new StringContent("​HTTPS Required"​)
 +    };
 +    return;
 +   }
 +  }
 + }
 +}
 +</​sxh>​
 +
 +
 +
 +## References
 +
 +* http://​codebetter.com/​johnvpetersen/​2012/​04/​02/​making-your-asp-net-web-apis-secure/​
 +
 +
 +