ASP.NET MVC - HTML.BeginForm and SSL

ASP.NET MVC - HTML.BeginForm and SSL

I am encountering an issue with what should be a simple logon form in ASP.NET MVC 2. Essentially my form looks a little something like this:

using (Html.BeginForm("LogOn", "Account", new { area = "Buyers" }, FormMethod.Post, new { ID = "buyersLogOnForm" })) 

I have a RequiresHTTPS filter on the LogOn Action method but when it executes I receive the following message

The requested resource can only be accessed via SSL

At this point the only solution that worked was to pass in an extra action htmlattribute as follows:

 var actionURL = "https://"  + Request.Url.Host + Request.Url.PathAndQuery;     using (Html.BeginForm("LogOn", "Account", new { area = "Buyers" }, FormMethod.Post, new { ID = "buyersLogOnForm", @action = actionURL })) 

While this works I wonder a) why i am seeing this issue in the first place and b) if there is a more straightforward way of posting to https from a http page?


I should have stated that the logon dropdown will be available on many public pages. I do not want all of my pages to be HTTPS. For instance, my hope page - which ANYONE can see - should not be HTTPS based. Essentially I need to specify the protocol in my form but have no idea how to do that, or if it is possible.

I would appreciate any advice/suggestions. Thanks in advance


What is the best practice for displaying the contents of a DataSet in MVC v1.0?


How to use TextBoxFor to update the many side of a relationship
You could use .
looking for suggestions on how i can highlight areas on an image
<form action =" <%= Url.Action( "action", "controller", ViewContext.RouteData.Values, "https" ) %>" method="post" > 

Wanting to mix server side ASP.Net MVC expansion in javascript file, but how… RenderPartial?

Problem with Primary Key in a Partial View shared by Create and Edit views


How to start a new ASP.NET MVC site?
Use the [RequireHttps] attribute on both the action that renders the form and the one you are posting to..
How can I determine the current controller action in an mvc sitemap?

Check ASP.NET MVC values (roles) from client (jQuery)


Update: Review the comments below about the security vulnerabilities of this approach before considering the use of this code.. I found that a hybrid of JP and Malcolm's code examples worked.

using (Html.BeginForm("Login", "Account", FormMethod.Post, new { @action = Url.Action("Login","Account",ViewContext.RouteData.Values,"https") })) 
Still felt a bit hacky though so I created a custom BeginForm helper.

The custom helper is cleaner and does not require https when running locally.

public static MvcForm BeginFormHttps(this HtmlHelper htmlHelper, string actionName, string controllerName)     {         TagBuilder form = new TagBuilder("form");         UrlHelper Url = new UrlHelper(htmlHelper.ViewContext.RequestContext);          //convert to https when deployed         string protocol = htmlHelper.ViewContext.HttpContext.Request.IsLocal == true? "http" : "https";          string formAction = Url.Action(actionName,controllerName,htmlHelper.ViewContext.RouteData.Values,protocol);         form.MergeAttribute("action", formAction);          FormMethod method = FormMethod.Post;         form.MergeAttribute("method", HtmlHelper.GetFormMethodString(method), true);          htmlHelper.ViewContext.Writer.Write(form.ToString(TagRenderMode.StartTag));          MvcForm mvcForm = new MvcForm(htmlHelper.ViewContext);          return mvcForm;     } 
Example usage:.
@using (Html.BeginFormHttps("Login", "Account")) 

62 out of 100 based on 57 user ratings 232 reviews