# IT:AD:Patterns:Secure the Line Strategy #



<callout type="Navigation" class="small">

* [[../|(UP)]]
{{indexmenu>.#2|nsort tsort}}


</callout>


## Summary ##

Using [[IT/#HTTPS/]] is only a first line of defense (it does not provide end to end encryption -- only front server to front server encryption) but it is a good start.



## Process ##

Therefore it's useful to have a way to ensure that all communications with the server are over HTTPS.


### MVC ###


#### Using an Attribute Over the Action ###


<sxh csharp>
using System;
using System.Linq;
using System.Net.Http;
using System.Web.Http.Filters;
using System.Web.Http.Controllers;
 
namespace WebAPI
{
 public class CustomHttpsAttribute : ActionFilterAttribute
 {
  public override void OnActionExecuting(HttpActionContext actionContext)
  {
   if (!String.Equals(actionContext.Request.RequestUri.Scheme, "https", StringComparison.OrdinalIgnoreCase))
   {
    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest)
    {
     Content = new StringContent("HTTPS Required")
    };
    return;
   }
  }
 }
}
</sxh>



## References

* http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/