ASP.NET

changing from HTTP to HTTPS, any recommendations? RSS

6 replies

Last post Nov 13, 2012 04:16 PM by jprochazka

‹ Previous Thread|Next Thread ›

- Reply
Just64

0 Points

5 Posts

changing from HTTP to HTTPS, any recommendations?

Oct 22, 2012 03:36 PM|LINK

I have an app that is on a HTTP link. Now i have been requested to change that to HTTPS. I never do this before so i started to read some info but to save time i want to ask here: Its some advice that anyone could give about this topic?

Its all IIS configuration or should i change something on my code?

Thanks in advance.
- Edited by just64 on Oct 22, 2012 03:46 PM
- Edited by just64 on Oct 22, 2012 03:47 PM
- Reply
inquisitive_...

Contributor

3421 Points

575 Posts

Re: changing from HTTP to HTTPS, any recommendations?

Oct 22, 2012 03:50 PM|LINK

Its all IIS configuration

Yes

or should i change something on my code?

If you have url's in your html code(i.e, style sheets,js links etc), c# code with http then change it to https after you configure the IIS

*** If this post helps you, then Mark this post as Answer ***

while(1)
- Reply
jprochazka

Contributor

4822 Points

733 Posts
Re: changing from HTTP to HTTPS, any recommendations?

Oct 22, 2012 03:58 PM|LINK
No server side configuration is necessary just make sure https is enabled for the site in IIS.

You can easily force https using the application's Global.asax file by adding the following code in the "Application_BeginRequest" method. This code will change any remote request from a http request to an https request however you will still be able to develop locally and requests to localhost will not be forced to use https.

C#
```
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.Request.IsSecureConnection.Equals(false) && HttpContext.Current.Request.IsLocal.Equals(false))
    {
        Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"] + HttpContext.Current.Request.RawUrl);
    }
}
```
VB.NET
```
Protected Sub Application_BeginRequest(sender As [Object], e As EventArgs)
    If HttpContext.Current.Request.IsSecureConnection.Equals(False) AndAlso HttpContext.Current.Request.IsLocal.Equals(False) Then
        Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") + HttpContext.Current.Request.RawUrl)
    End If
End Sub
```
- Edited by jprochazka on Oct 22, 2012 04:01 PM
- Edited by jprochazka on Oct 22, 2012 04:02 PM
- Edited by jprochazka on Oct 22, 2012 04:03 PM
- Edited by jprochazka on Oct 22, 2012 04:04 PM
- Edited by jprochazka on Oct 22, 2012 04:04 PM
- Edited by jprochazka on Oct 22, 2012 04:05 PM
- Edited by jprochazka on Oct 22, 2012 04:06 PM
- Edited by jprochazka on Oct 22, 2012 04:07 PM
- Edited by jprochazka on Oct 22, 2012 04:08 PM
- Edited by jprochazka on Oct 22, 2012 04:08 PM
- Edited by jprochazka on Oct 22, 2012 04:09 PM
- Edited by jprochazka on Oct 22, 2012 04:12 PM
- Edited by jprochazka on Oct 22, 2012 04:12 PM
- Edited by jprochazka on Oct 22, 2012 04:13 PM
- Edited by jprochazka on Oct 22, 2012 04:14 PM
- Reply
Steven Cheng...

Contributor

4197 Points

547 Posts

Microsoft
Moderator

Re: changing from HTTP to HTTPS, any recommendations?

Oct 23, 2012 06:53 AM|LINK

Hi Just64,

To enable HTTPS/SSL on your ASP.NET web application, I think the most work to do is at IIS side. You will need to add the HTTPs binding (with SSL certificate) in the IIS website (where your ASP.NET web app is deployed) and make sure your web app's virtual directory is also using https.

#How to Set Up SSL on IIS 7
http://www.iis.net/learn/manage/conifiguring-security/how-to-set-up-ssl-on-iis

And in case you might need to do some code to programmmtically switch between HTTPS and plain HTTP for page navigation, you can take a look at the following web articles:

#Switching Between HTTP and HTTPS Automatically
http://www.codeproject.com/Articles/5523/Switching-Between-HTTP-and-HTTPS-Automatically

#How to use HTTPS in an ASP.Net Application
http://stackoverflow.com/questions/539732/how-to-use-https-in-an-asp-net-application

If there are WCF services in your ASP.NET web applications, then things get much more complicated. In addition to the IIS side configuration, you need to also adjust your WCF service's configuration so as to make sure it support HTTPS (for transport security) or simply ignore it if you do not want your WCF service to use HTTPS.

#Transport Security Overview
http://msdn.microsoft.com/en-us/library/ms729700.aspx

#Hosting WCF 4.0 Service on IIS 7.5 with SSL
http://www.dotnetcurry.com/ShowArticle.aspx?ID=487

Please mark the replies as answers if they help or unmark if not.
Feedback to us
Microsoft One Code Framework
- Marked as answer by Catherine Shan - MSFT on Oct 29, 2012 02:07 AM
- Reply
Just64

0 Points

5 Posts

Re: changing from HTTP to HTTPS, any recommendations?

Oct 31, 2012 03:08 PM|LINK

Sorry for my late responce, but i have been kinda busy latelly.

In fact there are plenity of WCF services. And this application need to be run both on HTTP and HTTPS. So i think i ll have to make a project that controls the creation of the object depending on context that is required. Any idea will be welcome.

Thanks!
- Reply
Just64

0 Points

5 Posts

Re: changing from HTTP to HTTPS, any recommendations?

Nov 12, 2012 12:01 PM|LINK

I think im going make all the app to run on HTTPS. Its going to be a problem to redirect the old HTTP site the new HTTPS site?
- Reply
jprochazka

Contributor

4822 Points

733 Posts

Re: changing from HTTP to HTTPS, any recommendations?

Nov 13, 2012 04:16 PM|LINK

Not if you use the code I posted above.