More fiddling with MVC3 and https

I blogged here about securing logon cookies in MVC3. After writing a custom attribute based on the [RequireHttps] attribute it turned out that the best way was to use the forms authentication properties in web.config instead.

But the custom attribute that I wrote ended up morphing into something that solves a different problem. When you use the [RequireHttps] attribute, you might notice that even when a user logs out they continue with an https connection on subsequent requests to your site. This is not a big problem, but I find it annoying since https is not needed anymore. A similar thing might happen if a user has accidentally bookmarked the https version of your site's homepage, in which case the encryption might be unnecessary.

So I changed my existing attribute class into the [LimitHttps] Attribute. It checks to see if you are using a secure connection AND are not authenticated, then switches you back to plain old http - unless you are visiting a route that requires https. This is how I'm using it:

1) add the [RequireHttps] attribute to Account\LogOn and Account\Register
2) set up forms authentication with requireSSL="true" in web.config
3) add this line to RegisterGlobalFilters() in Global.asax:
     filters.Add(new LimitHttpsAttribute());

You'll now find that the following things happen:

- https will be enforced when a user is logged in
  (this is due to the requireSSL property in web.config)

- if a user manually goes back to http, the login cookie will not be sent in the request
  (also due to the requireSSL property)

- The LogOn and Register views in the Account controller will always use SSL (https)
  (because we've added the [RequireHttps] attribute to them)

- when a user logs out, they will automatically revert back to http
  (which is done by the [LimitHttps] attribute we've added)

- if a user visits the homepage with https they will switch back to http
  (the [LimitHttps] attribute does this too)

The code can be downloaded by clicking below.
Download the [LimitHttps] attribute
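A minimal sketch of a filter with the behaviour described above, added here as an example; it is not the downloadable [LimitHttps] attribute from this post. It assumes the site runs on the default ports (80/443) and builds its redirect URL the same way the built-in [RequireHttps] does, only with the scheme reversed.

```csharp
using System;
using System.Web.Mvc;

// Example sketch only: redirects anonymous https GET requests back to http,
// except on actions or controllers marked [RequireHttps].
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class LimitHttpsAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        var request = filterContext.HttpContext.Request;

        // Already on plain http: nothing to do.
        if (!request.IsSecureConnection)
            return;

        // Logged-in users stay on https. With requireSSL="true" the forms
        // authentication cookie is only ever sent over https anyway.
        if (request.IsAuthenticated)
            return;

        // Routes that demand https (Account/LogOn, Account/Register) are left alone,
        // otherwise the two attributes would redirect to each other forever.
        var action = filterContext.ActionDescriptor;
        if (action.IsDefined(typeof(RequireHttpsAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(RequireHttpsAttribute), true))
            return;

        // Child actions cannot issue redirects.
        if (filterContext.IsChildAction)
            return;

        // Only redirect GET requests; redirecting a POST would lose the form body.
        if (!String.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
            return;

        // Assumption: default ports, so the host name alone is enough.
        filterContext.Result = new RedirectResult("http://" + request.Url.Host + request.RawUrl);
    }
}
```

If the site also sends a Strict-Transport-Security header, browsers will upgrade the http redirect straight back to https and the request will loop, so a filter like this and HSTS should not be combined.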

MVC3 caching refactored

I was using this code here when doing some testing, but essentially the code looks like this: 

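using System;
using System.Web.Caching;

public static class CacheExtensions
{
    // Returns the cached value for key, calling generator() to create and store it on a miss.
    public static T GetOrStore<T>(this Cache cache, string key, Func<T> generator)
    {
        var result = cache[key];
        if (result == null)
        {
            result = generator();
            cache[key] = result;
        }
        return (T)result;
    }
}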

...but I realised that it wasn’t actually doing much in the way of processing, and I wondered if it could be written more compactly.  So this is what I came up with:

 

public static class CacheExtensions
{
    public static T GetOrStore<T>(this Cache cache, string key, Func<T> generator) where T: class
    {
        return (cache[key] ?? (cache[key] = generator())) as T;
    }
}

As an old C programmer, I still like it when things can be done in a single line of code.

 

MicroPDP-11 installed inside the case

It was a rainy Sunday afternoon, so I decided to have a tidy up in my office/workshop/third bedroom. What actually happened was that I saw the grotty looking dusty case for my PDP-11 and decided to clean it (it was in pretty bad shape since I bought it). Having cleaned it I then decided to put the machine inside the actual case. So now the office looks just the same, except the PDP-11 looks much better. Some progress I suppose. Here are some photos of the end result:

In the case, image #1

In the case, image #2

Isn't she beautiful? During this process I have learned:

- the machine is much heavier than I remember
- I really need to find a front cover to finish it off
- the word "PDP-11" in English is apparently feminine

Now it's in one piece, I have even fired the machine up and can report that it still runs fine.  Phew!  I didn't break it.