Hi,

I have received my SSL from a provider and have installed it on my webserver. I have links in my site such as "../members/accounts.aspx", ../members/profile.aspx". I need to ensure that the use access these pages using SSL and I donot want to include the full "https://", how can I do this?

Additionally is there a way to change the users request to https if they were only using http?

Thanks

You can check if SSL is invoked by checking Request.IsSecureConnection. Look this up in the SDK for morei nformation.

If the page is called via SSL, then all relative links will be called with SSL, so you don't need to worry. You would only generate warnings if you used an absolute link on a page called via SSL.

Thanks rjdudley,

That helped; However, I am now noticing that when I do access a secure page (https://) and then move to a page that I do not want to be secure that the "https://" is remaining. I what to be able to switched between the two from secure to no-secure.

Any ideas?

Thanks

Hi, don't mean to hjack this thread but just have a question about using https. I am using Visual STudio .NET to do a website for a client. It is simply to take orders online and then to email the order to the owner website owner (my client). When taking CC details, I want to use SSL, however, as yet I am developing the website locally.

My question is how can I set it to use SSL just locally so I can test it, or is this not possible. What is the general procedure used by most developers? Should I develop the website using http everywhere and then when I have the secure server host, change the appropriate pages to https???

Of course I have IIS running on my Windows XP Pro, but I'm just a bit new to this. Thanks.

Two things come to mind. You could make the hyperlinks to the non-secure pages absolute links (http://www.yourdomain.com/somepage.aspx). Or, you could use the request.issecure trick in reverse, and if the page is not supposed to be secure, reload it using only HTTP.

I personally develop locally without SSL, and run final tests on the server under SSL. The main thing to be aware of is making sure your CC form is HTTPS once you get it on the server.

rjdudley,

Were you able to look at my last post seeing that this session was hijack?

Thanks

You need to use a full URI, that includes the http:// protocol. Then the user will switch from https:// back to http:// eg


a href="http://www.myserver.com/non_securepage.aspx">click here to go back to http</a>


Cheers
Ken

Ken,

Thanks for your reply. However, I want this to be transparent to the visitor. I have visited sites that switch for me automatically without me having to select which one I want.

Regards

Any ideas on this?

Thanks

This was actually a reply to your hijack post, I just wasn't really clear about that:

<quote>
Two things come to mind. You could make the hyperlinks to the non-secure pages absolute links (http://www.yourdomain.com/somepage.aspx). Or, you could use the request.issecure trick in reverse, and if the page is not supposed to be secure, reload it using only HTTP.
</quote>

Ken and I are both suggesting the same thing. This will be invisible to the user--they won't have to choose anything. They'll just click on a link.

There is a security setting that will throw up a message box if a user moved from a HTTPS to HTTP page. Most people disable this the first time they see the warning. Nothing you can do to change the warning.