Tusk Software Blog

How to force pages to *not* use SSL in ASP.NET MVC by creating a ForbidHttpsAttribute

Here's a quick one for you.

There are times when you want to require a page be transmitted over TLS (transport layer security) using SSL (secure sockets layer). Anytime you are transmitting sensitive information over the wire, requiring HTTPS is a good idea. We actually require SSL sitewide now because Google encourages it. We'll assume that you already know about the reasons for encrypting traffic and when to do so. However, there are times when you want just the opposite- you want requests to a page to *not* use TLS, just plain old HTTP.

So what are the reasons that you would want to to this?

Read on