其實這就跟MVC裡為一些Controller或Action加上需要認證屬性一樣.
首先先寫一個屬性(Attribute) 繼承 AuthorizationFilterAttribute
複寫 OnAuthorization 這個方法
程式的內容就偵測目前的URI是不是走https,
不是的話就要回送一個HttpStatusCode.Forbidden回去
1: public class RequireHttpsAttribute : AuthorizationFilterAttribute
2: {3: public override void OnAuthorization(HttpActionContext actionContext)
4: {5: if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
6: {7: actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
8: {9: ReasonPhrase = "需要SSL連線!"
10: }; 11: }12: else
13: {14: base.OnAuthorization(actionContext);
15: } 16: } 17: }然後在需要SSL的Controller或是Action前加上[RequireHttps] 這樣的屬性.
文章標籤
全站熱搜
