TechQA.

Windows Azure ASP.NET MVC Role behaves strangely when redirecting from HTTP to HTTPS

617 views Asked by At

Subj. I've got an ASP.NET 2 MVC Worker Role Application, that does not differ much from the default template.

When attempting redirect from HTTP to HTTPS (this happens when we access constroller secured by the usual RequireSSL attribute implementation) we get blank page with "Bad Request" message.

IntelliTrace shows this:

Thrown: "The file '/Views/Home/LogOnUserControl.aspx' does not exist." (System.Web.HttpException)

Call stack is really short:

[External Code] 
App_Web_vfahw7gz.dll!ASP.views_shared_site_master.__Render__control1(System.Web.UI.HtmlTextWriter __w = {unknown}, System.Web.UI.Control parameterContainer = {unknown})    
[External Code] 
App_Web_bsbqxr44.dll!ASP.views_home_index_aspx.ProcessRequest(System.Web.HttpContext context = {unknown})   
[External Code]

User control reference is the usual one in /Views/Shared/Site.Master:

<div id="logindisplay">
    <% Html.RenderPartial("LogOnUserControl"); %>
</div>

And partial view LogOnUserControl.ashx is located in Views/Shared (and it is ASCX, not ASPX).

Problem shows up, when we try to access site pages, that require auth (FormsAuth) and redirect because of the SSL. These pages are secured by RequireSSL attribute (Redirect == true):

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public sealed class RequireSslAttribute : FilterAttribute, IAuthorizationFilter
{
  public bool Redirect { get; set; }

  // Methods
  public void OnAuthorization(AuthorizationContext filterContext)
  {
    // this get's messy, when we are running custom ports
    // within the local dev fabric.
    // hence we disable code in the debug

#if !DEBUG
    if (filterContext == null)
    {
      throw new ArgumentNullException("filterContext");
    }

    if (filterContext.HttpContext.Request.IsSecureConnection)
      return;

    var canRedirect = string.Equals(filterContext.HttpContext.Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase);

    if (canRedirect && Redirect)
    {
      var builder = new UriBuilder
      {
        Scheme = "https",
        Host = filterContext.HttpContext.Request.Url.Host,
        Path = filterContext.HttpContext.Request.RawUrl
      };
      filterContext.Result = new RedirectResult(builder.ToString());
    }
    else
    {
      throw new HttpException(0x193, "Access forbidden. The requested resource requires an SSL connection.");
    }
#endif
  }
}

Obviously we compile in RELEASE for this case.

Does anybody have any idea, what could cause this strange exception and how to get rid of it?

asp.net-mvc https azure requiressl
Original Q&A
2

There are 2 answers

0
Rinat Abdullin On

NB: that's not the proper solution, but it worked for now. By marking the entire home controller with RequireSsl we force all visitors to use Https from the start.

It is still possible to hit the error by calling something like:

http://project.company.com/User/Login?ReturnUrl=/solution

But it is not likely to get to such a link by navigating the site, so this will work for the time being.

0
JonoW On

Is there a specific reason your "LogOnUserControl" partial view is an ashx file rather than aspx/ascx? I'm under the impression that MVC only looks for .aspx and .ascx files as a convention.

Related Questions in ASP.NET-MVC

Related Questions in HTTPS

Related Questions in AZURE

Related Questions in REQUIRESSL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions