RequireHttpsAttribute RequireHttpsAttribute RequireHttpsAttribute Class


An authorization filter that confirms requests are received over HTTPS.

[System.AttributeUsage(System.AttributeTargets.Class | System.AttributeTargets.Method, AllowMultiple=false, Inherited=true)]
public class RequireHttpsAttribute : Attribute, Microsoft.AspNetCore.Mvc.Filters.IAuthorizationFilter, Microsoft.AspNetCore.Mvc.Filters.IOrderedFilter
type RequireHttpsAttribute = class
    inherit Attribute
    interface IAuthorizationFilter
    interface IFilterMetadata
    interface IOrderedFilter
Public Class RequireHttpsAttribute
Inherits Attribute
Implements IAuthorizationFilter, IOrderedFilter


RequireHttpsAttribute() RequireHttpsAttribute() RequireHttpsAttribute()


Order Order Order
Permanent Permanent Permanent

Specifies whether a permanent redirect, 301 Moved Permanently, should be used instead of a temporary redirect, 302 Found.


HandleNonHttpsRequest(AuthorizationFilterContext) HandleNonHttpsRequest(AuthorizationFilterContext) HandleNonHttpsRequest(AuthorizationFilterContext)

Called from OnAuthorization(AuthorizationFilterContext) if the request is not received over HTTPS. Expectation is Result will not be null after this method returns.

OnAuthorization(AuthorizationFilterContext) OnAuthorization(AuthorizationFilterContext) OnAuthorization(AuthorizationFilterContext)

Called early in the filter pipeline to confirm request is authorized. Confirms requests are received over HTTPS. Takes no action for HTTPS requests. Otherwise if it was a GET request, sets Result to a result which will redirect the client to the HTTPS version of the request URI. Otherwise, sets Result to a result which will set the status code to 403 (Forbidden).

Applies to