我使用Request.IsSecureConnection检查SSL和调整适当。当运行我的Rackspace的云asp.net网站，服务器运行背后SSL集群，所以IsSecureConnection将始终返回false。这同样适用于检查URL是否包含https：//开头，总是假的，检查端口等，所以该网站被卡在大重定向循环

有另一种方式来检查SSL和重定向在哪里合适？任何人实际上已经做到了这一点上Rackspace的云？

 公共类SecurityAwarePage
    继承页

    私人_requireSSL由于布尔= FALSE

    公共财产RequireSSL（）作为布尔
        得到
            返回_requireSSL
        最终获取
        设置（BYVAL值作为布尔）
            _requireSSL =价值
        结束设定
    高端物业

    私人只读属性的isSecure（）作为布尔
        得到
            返回Request.IsSecureConnection
        最终获取
    高端物业

    受保护的覆盖子的OnInit（BYVALË作为System.EventArgs）
        MyBase.OnInit（五）

        PushSSL（）
    结束小组

    私人小组PushSSL（）
        常量安全的，因为字符串=htt​​ps：//开头
        常量不安全的String =HTTP：//

        如果RequireSSL AndAlso没有的isSecure然后
            的Response.Redirect（Request.Url.ToString.Replace（不安全，安全））
        elseif的不RequireSSL AndAlso的isSecure然后
            的Response.Redirect（Request.Url.ToString.Replace（安全，不安全））
        结束如果

    结束小组

末级
 

解决方案

虽然很难检查SSL从事的方式解决此问题是迫使SSL。

在 RackspaceCloud支持知识库：

您可以重新写在web.config中网址：

 ＆lt;结构＆GT;
＆LT; system.webServer＆GT;
  ＆LT;改写＆GT;
    ＆LT;规则＆GT;
      ＆LT;规则名称=重定向到HTTPSsto​​pProcessing =真正的＆GT;
        ＆LT;*匹配URL = /＆GT;
        ＆LT;条件＆gt;
          ＆LT;添加输入={HTTP_CLUSTER_HTTPS}模式=^ $上否定=真/＆GT;
          ＆LT;添加输入={HTTP_CLUSTER-HTTPS}模式=否定=真/＆GT+。
        ＆所述; /条件＆gt;
        ＆lt;作用TYPE =重定向URL =htt​​ps：//开头{HTTP_HOST} {} SCRIPT_NAMEredirectType =SeeOther/＆GT;
      ＆LT; /规则＆GT;
    ＆LT; /规则＆GT;
  ＆LT; /重写＆GT;
＆LT; /system.webServer>
＆LT; /结构＆gt;
 

您可以在ASP.NET强制SSL：

 ＆LT;％@页面语言=C＃％＆GT;

！＆LT; D​​OCTYPE HTML PUBLIC -  // W3C // DTD XHTML 1.1 // ENhttp://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

＆LT;脚本=服务器＆GT;
  保护无效的Page_Load（对象发件人，发送System.EventArgs）
  {
    如果（Request.ServerVariables [HTTP_CLUSTER_HTTPS]！=上）
    {
      如果（Request.ServerVariables.Get（HTTP_CLUSTER-HTTPS）== NULL）
      {
        串xredir__，xqstr__;

        xredir__ =htt​​ps：//开头+ Request.ServerVariables [SERVER_NAME];
        xredir__ + = Request.ServerVariables [SCRIPT_NAME];
        xqstr__ = Request.ServerVariables [QUERY_STRING];

        如果（xqstr__！=）
            xredir__ = xredir__ +？ + xqstr__;

        的Response.Redirect（xredir__）;
      }
    }
    回复于（仅限SSL）;
  }
＆LT; / SCRIPT＆GT;

＆LT; HTML＆GT;
＆LT;头ID =头像1=服务器＆GT;
  ＆LT;冠军＆GT;仅SSL＆LT; /标题＆GT;
＆LT; /头＆GT;
＆LT;身体GT;
＆LT; /身体GT;
＆LT; / HTML＆GT;
 

I am using Request.IsSecureConnection to check for SSL and redirecting where appropriate. When running my asp.net website on Rackspace's cloud, the server is running behind an SSL cluster, so IsSecureConnection will always return false. The same goes for checking whether the url contains "https://", always false, checking the port, etc. So the website gets stuck in big redirect loop.

Is there another way to check for SSL and redirect where appropriate? Anyone that has actually done this on Rackspace's cloud?

Public Class SecurityAwarePage
    Inherits Page

    Private _requireSSL As Boolean = False

    Public Property RequireSSL() As Boolean
        Get
            Return _requireSSL
        End Get
        Set(ByVal value As Boolean)
            _requireSSL = value
        End Set
    End Property

    Private ReadOnly Property IsSecure() As Boolean
        Get
            Return Request.IsSecureConnection
        End Get
    End Property

    Protected Overrides Sub OnInit(ByVal e As System.EventArgs)
        MyBase.OnInit(e)

        PushSSL()
    End Sub

    Private Sub PushSSL()
        Const SECURE As String = "https://"
        Const UNSECURE As String = "http://"

        If RequireSSL AndAlso Not IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(UNSECURE, SECURE))
        ElseIf Not RequireSSL AndAlso IsSecure Then
            Response.Redirect(Request.Url.ToString.Replace(SECURE, UNSECURE))
        End If

    End Sub

End Class

Although it is difficult to check if SSL is engaged a way around the problem is to force SSL.

From the RackspaceCloud Support knowledge base:

You can re-write URLs in web.config:

<configuration>
<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS" stopProcessing="true">
        <match url=".*" />
        <conditions>
          <add input="{HTTP_CLUSTER_HTTPS}" pattern="^on$" negate="true" />
          <add input="{HTTP_CLUSTER-HTTPS}" pattern=".+" negate="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}{SCRIPT_NAME}" redirectType="SeeOther" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
</configuration>

You can force SSL in ASP.NET:

<%@ Page Language="C#" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<script runat="server">
  protected void Page_Load(object sender, System.EventArgs e)
  {
    if(Request.ServerVariables["HTTP_CLUSTER_HTTPS"] != "on")
    {
      if(Request.ServerVariables.Get("HTTP_CLUSTER-HTTPS") == null)
      {
        string xredir__, xqstr__;

        xredir__ = "https://" + Request.ServerVariables["SERVER_NAME"];
        xredir__ += Request.ServerVariables["SCRIPT_NAME"];
        xqstr__ = Request.ServerVariables["QUERY_STRING"];

        if (xqstr__ != "")
            xredir__ = xredir__ + "?" + xqstr__;

        Response.Redirect(xredir__);
      }
    }
    Response.Write("SSL Only");
  }
</script>

<html>
<head id="Head1" runat="server">
  <title>SSL Only</title>
</head>
<body>
</body>
</html>