Added support to RequireHttpsAttribute for HTTP 301 permanent redirects.

Author: martincostello

src/System.Web.Mvc/RequireHttpsAttribute.cs

@@ -9,6 +9,25 @@ namespace System.Web.Mvc
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
     public class RequireHttpsAttribute : FilterAttribute, IAuthorizationFilter
     {
+        public RequireHttpsAttribute()
+            : this(permanent: false)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="RequireHttpsAttribute"/> class.
+        /// </summary>
+        /// <param name="permanent">Whether the redirect to HTTPS should be a permanent redirect.</param>
+        public RequireHttpsAttribute(bool permanent)
+        {
+            this.Permanent = permanent;
+        }
+
+        /// <summary>
+        /// Gets a value indicating whether the redirect to HTTPS should be a permanent redirect.
+        /// </summary>
+        public bool Permanent { get; private set; }
+
         public virtual void OnAuthorization(AuthorizationContext filterContext)
         {
             if (filterContext == null)
@@ -34,7 +53,7 @@ protected virtual void HandleNonHttpsRequest(AuthorizationContext filterContext)
 
             // redirect to HTTPS version of page
             string url = "https://" + filterContext.HttpContext.Request.Url.Host + filterContext.HttpContext.Request.RawUrl;
-            filterContext.Result = new RedirectResult(url);
+            filterContext.Result = new RedirectResult(url, this.Permanent);
         }
     }
 }

test/System.Web.Mvc.Test/Test/RequireHttpsAttributeTest.cs

@@ -64,8 +64,36 @@ public void OnAuthorizationRedirectsIfRequestIsNotSecureAndMethodIsGet()
             RedirectResult result = authContext.Result as RedirectResult;
 
             // Assert
+            Assert.IsFalse(attr.Permanent);
             Assert.NotNull(result);
             Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
+            Assert.IsFalse(result.Permanent);
+        }
+
+        [Theory]
+        [InlineData(false)]
+        [InlineData(true)]
+        public void OnAuthorizationRedirectsIfPermanentConstructorParameterIsAndRequestIsNotSecureAndMethodIsGet(bool permanent)
+        {
+            // Arrange
+            Mock<AuthorizationContext> mockAuthContext = new Mock<AuthorizationContext>();
+            mockAuthContext.Setup(c => c.HttpContext.Request.HttpMethod).Returns("get");
+            mockAuthContext.Setup(c => c.HttpContext.Request.IsSecureConnection).Returns(false);
+            mockAuthContext.Setup(c => c.HttpContext.Request.RawUrl).Returns("/alpha/bravo/charlie?q=quux");
+            mockAuthContext.Setup(c => c.HttpContext.Request.Url).Returns(new Uri("http://www.example.com:8080/foo/bar/baz"));
+            AuthorizationContext authContext = mockAuthContext.Object;
+
+            RequireHttpsAttribute attr = new RequireHttpsAttribute(permanent);
+
+            // Act
+            attr.OnAuthorization(authContext);
+            RedirectResult result = authContext.Result as RedirectResult;
+
+            // Assert
+            Assert.Equal(permanent, attr.Permanent);
+            Assert.NotNull(result);
+            Assert.Equal("https://www.example.com/alpha/bravo/charlie?q=quux", result.Url);
+            Assert.Equal(permanent, result.Permanent);
         }
 
         [Fact]