Internet Explorer redirect on all .Net Core project pages

Question

I'm a .Net Core beginner and look for a solution to protect the application from IE.

I got the following code working in Controller:

string userAgent = Request.Headers["User-Agent"].ToString();
var flagsIE = new [] {"MSIE", "Trident"};

if(flagsIE.Any(userAgent.Contains)){
    return RedirectToAction("BadBrowser");
}

Now if someone is trying to visit the page using IE, they get redirected to an info-page asking them to use a modern browser. Instead of adding this code to every single Controller.cs I would like to add it on project level, so that it get's executed independent from the location within of the project.

And, I know that this can be achieved with _Layout.cshtml, my question is: Where and how would I implement a function to get it executed for all requested views withing the project without adding it every single request within Controller.

Thank you in advance.

Answer 1

As Icepickle suggested, in the comments of my question, I used middleware in Startup.cs and got the desired result:

        app.Use(async (context,next) =>
            {
                string userAgent = context.Request.Headers["User-Agent"].ToString();
                var IEkeywords = new [] {"MSIE", "Trident"};

                if (IEkeywords.Any(userAgent.Contains)){
                    context.Response.Redirect("/IE/redirect/badbrowser.html");
                    return;
                }

                await next();
            });

Answer 2

You can try to add js in _Layout.cshtml to detect the browser is IE:

 <script>
        var isIE = false || !!document.documentMode;
        if (isIE) {
            window.location.href = "/Home/ForbidInfo";
        }

    </script>

Then create a view named ForbidInfo under Home controller which to show the message to user that he cannot use the IE to show views.

(Notes: this view's Layout must be null ,or it will enter an endless loop)

@{
    ViewData["Title"] = "ForbidInfo";
    Layout = null;
}

<h1>Please use a modern browser!</h1>

After these settings, when you running a view in IE, it will be redirected to the FordidInfo page.

If your page does not use _layout, then you need to add the js on the corresponding view separately to ensure that it will not be displayed in IE.

Answer 3

Never do that. Excluding browsers with redirects, is what lead to massive user agent spoofing. Effectively making that AgentId useless. And the way you wrote it, you may get a lot of false-positives.

It is also a bad idea from the early days of the internet, we are hoping to get rid off: https://en.wikipedia.org/wiki/User_agent#User_agent_spoofing