چک لیست ارتقاء به HTTPS مخصوص یک برنامهی ASP.NET MVC 5x
نویسنده: وحید نصیری
تاریخ: ۱۳۹۷/۰۲/۳۰ ۱۵:۰
آدرس: www.dntips.ir
| مطالب | ۳۶۹۴ |
| نویسندگان | ۲۷۶ |
| گروههای مطالب | ۱۰۲۴ |
| نقشههای راه | ۱۱۹ |
| دورهها | ۱۴ |
| اشتراکها | ۱۷۹۱۴ |
AntiForgeryConfig.RequireSsl = true;
<configuration>
<system.web>
<authentication mode="Forms">
<forms requireSSL="true" cookieless="UseCookies"/>
</authentication>
</system.web>
</configuration> <configuration>
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
</system.web>
</configuration> <configuration>
<system.web>
<roleManager cookieRequireSSL="true" />
</system.web>
</configuration> var options = new CookieAuthenticationOptions()
{
CookieHttpOnly = true,
CookieSecure = CookieSecureOption.Always,
ExpireTimeSpan = TimeSpan.FromMinutes(10)
}; filters.Add(new RequireHttpsAttribute(permanent: true));
using System.Web.Mvc;
namespace MyWebsite
{
internal static class FilterConfig
{
internal static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
filters.Add(new RequireHttpsAttribute(permanent: true));
}
}
} protected void Application_BeginRequest(Object sender, EventArgs e)
{
if (!HttpContext.Current.Request.IsSecureConnection)
{
var builder = new UriBuilder
{
Scheme = "https",
Host = Request.Url.Host,
// use the RawUrl since it works with URL Rewriting
Path = Request.RawUrl
};
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location", builder.ToString());
}
} <httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=16070400; includeSubDomains" /> <rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_HOST}" negate="true" pattern="localhost" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule> var fullBaseUrl = Url.Action(result: MVC.Home.Index(), protocol: this.Request.Url.Scheme);
User-agent: * Sitemap: https://www.dntips.ir/Sitemap
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=16070400; includeSubDomains" />
<add name="Content-Security-Policy" value="upgrade-insecure-requests;" />
</customHeaders>
</httpProtocol>