public void OnActionExecuted(ActionExecutedContext filterContext)
        {
            var settings = _sslService.GetSettings();

            if (!settings.Enabled)
            {
                _orchardServices.Notifier.Warning(T("You need to configure the SSL settings."));
            }
        }
Beispiel #2
0
        public IEnumerable <NotifyEntry> GetNotifications()
        {
            var workContext = _orchardServices.WorkContext;
            var settings    = _sslService.GetSettings();

            if (!settings.Enabled)
            {
                var urlHelper = new UrlHelper(workContext.HttpContext.Request.RequestContext);
                var url       = urlHelper.Action("Ssl", "Admin", new { Area = "Settings" });
                yield return(new NotifyEntry {
                    Message = T("The <a href=\"{0}\">SSL settings</a> need to be configured.", url), Type = NotifyType.Warning
                });
            }
        }
        public void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var settings = _sslService.GetSettings();

            if (filterContext.IsChildAction || !settings.Enabled)
            {
                return;
            }

            var user   = filterContext.HttpContext.User;
            var secure =
                (user != null && user.Identity.IsAuthenticated) ||
                _sslService.ShouldBeSecure(filterContext);

            var request = filterContext.HttpContext.Request;

            // redirect to a secured connection ?
            if (secure && !request.IsSecureConnection)
            {
                var secureActionUrl = AppendQueryString(
                    request.QueryString,
                    _sslService.SecureActionUrl(
                        filterContext.ActionDescriptor.ActionName,
                        filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                        filterContext.RequestContext.RouteData.Values));

                filterContext.Result = new RedirectResult(secureActionUrl);
                return;
            }

            // non auth page on a secure canal
            // nb: needed as the ReturnUrl for LogOn doesn't force the scheme to http, and reuses the current one
            // Also don't force http on ajax requests.
            if (!secure && request.IsSecureConnection && !request.IsAjaxRequest())
            {
                var insecureActionUrl = AppendQueryString(
                    request.QueryString,
                    _sslService.InsecureActionUrl(
                        filterContext.ActionDescriptor.ActionName,
                        filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
                        filterContext.RequestContext.RouteData.Values));

                filterContext.Result = new RedirectResult(insecureActionUrl);
            }
        }
 public bool GetRequiresSSL()
 {
     return(_secureSocketsLayerService.GetSettings().Enabled);
 }