Merge pull request #493 from Bitmapped/7.2.0

Force HTTPS Redirect on UmbracoUseSSL (U4-4737)
2014-10-01 11:06:42 +10:00
parent fc47cdf9b0 8aa9326e10
commit ac309f5a65
2 changed files with 45 additions and 0 deletions
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -19,12 +19,14 @@ using Umbraco.Web.UI.JavaScript;
 using Umbraco.Web.PropertyEditors;
 using Umbraco.Web.Models;
 using Umbraco.Web.WebServices;
+using Umbraco.Web.WebApi.Filters;

 namespace Umbraco.Web.Editors
 {
    /// <summary>
    /// A controller to render out the default back office view and JS results
    /// </summary>
+    [UmbracoUseSSL]
    public class BackOfficeController : UmbracoController
    {
        /// <summary>
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoUseSSL.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoUseSSL.cs
@@ -0,0 +1,43 @@
+using System.Linq;
+using System.Web.Http;
+using System.Web.Http.Controllers;
+using Umbraco.Core;
+using System.Web.Mvc;
+using GlobalSettings = Umbraco.Core.Configuration.GlobalSettings;
+
+namespace Umbraco.Web.WebApi.Filters
+{
+    /// <summary>
+    /// If umbracoUseSSL property in web.config is set to true, this filter will redirect any http access to https.
+    /// </summary>
+    public class UmbracoUseSSL : RequireHttpsAttribute
+    {
+        /// <summary>
+        /// If umbracoUseSSL is true and we have a non-HTTPS request, handle redirect.
+        /// </summary>
+        /// <param name="filterContext">Filter context</param>
+        protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
+        {
+            // If umbracoUseSSL is set, let base method handle redirect.  Otherwise, we don't care.
+            if (GlobalSettings.UseSSL)
+            {
+                base.HandleNonHttpsRequest(filterContext);
+            }
+        }
+
+        /// <summary>
+        /// Check to see if HTTPS is currently being used if umbracoUseSSL is true.
+        /// </summary>
+        /// <param name="filterContext">Filter context</param>
+        public override void OnAuthorization(AuthorizationContext filterContext)
+        {
+            // If umbracoSSL is set, let base method handle checking for HTTPS.  Otherwise, we don't care.
+            if (GlobalSettings.UseSSL)
+            {
+                base.OnAuthorization(filterContext);
+            }
+        }
+
+
+    }
+}