IIS7配置SSL/https

原创

低代码布道者 2022-08-31 15:33:47 ©著作权

©著作权归作者所有：来自51CTO博客作者低代码布道者的原创作品，请联系作者获取转载授权，否则将追究法律责任

view SSL binding configuration stored in HTTP.sys:

netsh http show sslcert

在某一站点上启用SSL:

C:\Windows\system32\inetsrv>appcmd set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:[Ssl | SslNegotiateCert | SslRequireCert | Ssl128 | None]

-sslFlags的值要注意大小写

然后iis服务器里设置证书，再给站点做https的bindings，SSL Certificate选刚才建立的证书。

asp.net mvc 使用 SSL / https

首先注意到是，https在没有通过验证时，http的status code要返回：

403.4 - SSL required.

1 /// <summary>
 2 /// 返回ssl的错误状态值的Result
 3 /// </summary>
 4 public class SSLUnauthorizedResult : ActionResult
 5 {
 6     public override void ExecuteResult(ControllerContext context)
 7     {
 8         if (context == null)
 9         {
10             throw new ArgumentNullException("context");
11         }
12 
13         //SSL是403.4, SSL128是403.5
14         context.HttpContext.Response.StatusCode = 403;
15         context.HttpContext.Response.SubStatusCode = 4;
16     }
17 }

1 /// <summary>
 2     /// 提供安全连接的attribute
 3     /// </summary>
 4     public class RequireSSLBaseAttribute : ActionFilterAttribute
 5     {
 6         public bool IsRequireSSL { get; set; }
 7 
 8         /// <summary>
 9         /// 默认构造函数
10         /// </summary>
11         /// <remarks>
12         /// 只要添加该attribute就认为需要SSL
13         /// </remarks>
14         public RequireSSLBaseAttribute()
15         {
16             IsRequireSSL = true;
17         }
18 
19         /// <summary>
20         /// 设置初始是否需要ssl
21         /// </summary>
22         /// <param name="isRequire">是否设置为使用SSL</param>
23         public RequireSSLBaseAttribute(bool isRequire)
24         {
25             IsRequireSSL = isRequire;
26         }
27 
28         public override void OnActionExecuting(ActionExecutingContext filterContext)
29         {
30             if (this.IsRequireSSL /*如果需要SSL*/ && 
31                 !filterContext.HttpContext.Request.IsSecureConnection)
33             {
34                 //调用MakeActionResult()函数
35                 filterContext.Result = MakeActionResult(filterContext.HttpContext);
36             }
37         }
38 
39         /// <summary>
40         /// 默认的执行处理的方式
41         /// </summary>
42         /// <param name="httpContext">HttpContext</param>
43         /// <returns>返回ActionResult</returns>
44         protected virtual ActionResult MakeActionResult(HttpContextBase httpContext)
45         {
46             return new SSLUnauthorizedResult();
47         }
48     }

• • RequireSSLBaseAttribute
 

配合做一个SSL未验证的ActionResult:
• Code

如果想在访问http://url/的时候跳转到https://url/可以这样继承一个:
1• protected override ActionResult BuildActionResult(HttpContextBase httpContext)
 2• {
 3•     //TODO: uri
 4•     //获取当前请求的url并将开头的http转换为https://
 5•     var url = httpContext.Request.Url.AbsoluteUri.ToString();
 6•     if(httpContext.Request.Url.Scheme.Equals("http", StringComparison.InvariantCultureIgnoreCase))
 7•     
• {
 8•         var builder = new UriBuilder(httpContext.Request.Url.AbsoluteUri);
 9•         //将Scheme换成https
10•         builder.Scheme = "https";
11•         //这里需要将Port设置为-1,因为UriBuilder并没有创建新的uri,所以
12•         //如果从http过来的url在这里Port会保留80. 设置为-1时,ToString()
13•         //方法内会自动去掉":Port"的项
14•         builder.Port = -1;
15•         url = builder.ToString();
16•     }
17•     return new RedirectResult(url);
18• }

403.5 - SSL 128 requiredDisable theRequire secure channel option, or use HTTPS instead of HTTP to access the page. If you receive this error for a Web site that does not have a certificate installed, click the article number below to view the article in the Microsoft Knowledge Base:
IIS HTTP Status Code我们可以创建Filter来完成验证工作：