In my last post, I described an ASP.NET Web Api RequireHttps attribute that supports SSL terminated at a load balancer like Amazon’s ELB. Here’s a RequireHttps attribute for ASP.NET MVC with load balancer support:
using System;
using System.Configuration;
using System.Web.Mvc;
using System.Web;
using System.Collections.Generic;
namespace MvcHelpers
{
public class RequireHttpsSupportsLBAttibute : RequireHttpsAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext.HttpContext.Request.IsSecureConnectionConsideringLoadBalancer()) return;
base.OnAuthorization(filterContext);
}
}
public static class HttpRequestBaseHelper
{
public static bool IsSecureConnectionConsideringLoadBalancer(this HttpRequestBase request)
{
return request.IsSecureConnection || LoadBalancerSecured(request);
}
public static bool LoadBalancerSecured(HttpRequestBase request)
{
if (string.Equals(request.Headers["X-Forwarded-Proto"],
"https"
StringComparison.InvariantCultureIgnoreCase))
{
return true;
}
return false;
}
}
}
Tom Cabanski 