I have a website with dotnet application which is a http site. i have to change a single page in the site into https page. ie., for ex.. if i have http://www.yahoo.com/inbox.aspx,... i have to change it to https://www.yahoo.com/inbox.aspx...... Further,
my site is already RSA secured. I have SSL certificate also. Iam working with IIS server in windows XP. Anybody pls tell me the steps to convert Http to Https using SSL in Asp.Net?
Normally you should put pages you need to protect with SSL in a separate directory and install your certificate just for that directory. But for a single page, you could install the certificate in IIS and then make all links to that page using the full URL,
including https:.
Have you installed your certificate in IIS yet?
Don
Don Kiely, MCP, MCSD
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Don is correct in the way you should be managing secure content with folders, but if that is not an option for you the following code might be helpful:
if (!Request.IsSecureConnection)
{
Response.Redirect(Request.RawUrl.Replace("http://", "https://"));
return;
}
Don is correct in the way you should be managing secure content with folders, but if that is not an option for you the following code might be helpful:
if (!Request.IsSecureConnection)
{
Response.Redirect(Request.RawUrl.Replace("http://", "https://"));
return;
}
Hi Matt,
The reason I didn't suggest a technique like that is that the data is posted from the page without encryption, then redirected and reposted using encryption. So it travels over the network once as clear text, rather than the entire exchange being protected.
I haven't thought about this in a while. I wonder if there is a secure way of doing this? Hmm....
Don
Don Kiely, MCP, MCSD
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
I thought he said that the user was redirected to the login page. I was assuming that this was a GET request. If there is a form in the application that has action="http://...", there will be nothing the server can do to stop a non-secure POST.
If you have made a user control for logging in, then you will most likely want to make the entire application run under https, otherwise you will have to jump through hoops everytime you add the login control to a page. It sounds like you have it in a MasterPage
anyway, so just secure the whole site.
I didn't see anything about it being a login page. But you're right, if ASP.NET is going to automatically move you to another page, that brings up other problems.
Thanks,
Don
Don Kiely, MCP, MCSD
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Yeah I'm not sure where I got the whole login idea. I think my orginal idea works for this case though as long as you don't do anything funny elsewhere in the application like cross page posting from non-secure url.
//this is the current url
System.Uri currentUrl = System.Web.HttpContext.Current.Request.Url;
//don't redirect if this is localhost
if(!currentUrl.IsLoopback){
if(!currentUrl.Scheme.Equals("https",StringComparison.CurrentCultureIgnoreCase)) {
//build the secure uri
System.UriBuilder secureUrlBuilder = new
UriBuilder(currentUrl);
secureUrlBuilder.Scheme =
"https";
//use the
default port.
secureUrlBuilder.Port =
-1;
//redirect and end the
response.
System.Web.HttpContext.Current.Response.Redirect(secureUrlBuilder.Uri.ToString(),true);
}
}
Courtesy of https://www.ultimasupport.net/Customer/KBArticle.aspx?articleid=34
A nice alternate technique. I don't often think of UriBuilder, but it is a useful class.
Unfortunately, it still means that the original data is posted in cleartext before the redirect.
Thanks,
Don
Don Kiely, MCP, MCSD
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
vijay_83
Member
45 Points
35 Posts
How to convert Http into Https using SSL in IIS?
Jun 09, 2007 06:34 AM|LINK
Hi,
I have a website with dotnet application which is a http site. i have to change a single page in the site into https page. ie., for ex.. if i have http://www.yahoo.com/inbox.aspx,... i have to change it to https://www.yahoo.com/inbox.aspx...... Further, my site is already RSA secured. I have SSL certificate also. Iam working with IIS server in windows XP. Anybody pls tell me the steps to convert Http to Https using SSL in Asp.Net?
Regards
Vijay.
donkiely
All-Star
15929 Points
2518 Posts
ASPInsiders
Moderator
MVP
Re: How to convert Http into Https using SSL in IIS?
Jun 09, 2007 03:46 PM|LINK
Normally you should put pages you need to protect with SSL in a separate directory and install your certificate just for that directory. But for a single page, you could install the certificate in IIS and then make all links to that page using the full URL, including https:.
Have you installed your certificate in IIS yet?
Don
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Matt-dot-net
Contributor
5262 Points
989 Posts
Re: How to convert Http into Https using SSL in IIS?
Jun 09, 2007 07:24 PM|LINK
Don is correct in the way you should be managing secure content with folders, but if that is not an option for you the following code might be helpful:
if (!Request.IsSecureConnection) { Response.Redirect(Request.RawUrl.Replace("http://", "https://")); return; }donkiely
All-Star
15929 Points
2518 Posts
ASPInsiders
Moderator
MVP
Re: How to convert Http into Https using SSL in IIS?
Jun 09, 2007 07:59 PM|LINK
Hi Matt,
The reason I didn't suggest a technique like that is that the data is posted from the page without encryption, then redirected and reposted using encryption. So it travels over the network once as clear text, rather than the entire exchange being protected.
I haven't thought about this in a while. I wonder if there is a secure way of doing this? Hmm....
Don
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Matt-dot-net
Contributor
5262 Points
989 Posts
Re: How to convert Http into Https using SSL in IIS?
Jun 09, 2007 08:13 PM|LINK
Hi Don,
I thought he said that the user was redirected to the login page. I was assuming that this was a GET request. If there is a form in the application that has action="http://...", there will be nothing the server can do to stop a non-secure POST.
If you have made a user control for logging in, then you will most likely want to make the entire application run under https, otherwise you will have to jump through hoops everytime you add the login control to a page. It sounds like you have it in a MasterPage anyway, so just secure the whole site.
Matt
donkiely
All-Star
15929 Points
2518 Posts
ASPInsiders
Moderator
MVP
Re: How to convert Http into Https using SSL in IIS?
Jun 10, 2007 12:21 AM|LINK
Matt,
I didn't see anything about it being a login page. But you're right, if ASP.NET is going to automatically move you to another page, that brings up other problems.
Thanks,
Don
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Matt-dot-net
Contributor
5262 Points
989 Posts
Re: How to convert Http into Https using SSL in IIS?
Jun 10, 2007 12:36 AM|LINK
Yeah I'm not sure where I got the whole login idea. I think my orginal idea works for this case though as long as you don't do anything funny elsewhere in the application like cross page posting from non-secure url.
ausidevelope...
Member
192 Points
43 Posts
Re: How to convert Http into Https using SSL in IIS?
Jun 10, 2007 11:22 AM|LINK
//this is the current url System.Uri currentUrl = System.Web.HttpContext.Current.Request.Url; //don't redirect if this is localhost if(!currentUrl.IsLoopback){ if(!currentUrl.Scheme.Equals("https",StringComparison.CurrentCultureIgnoreCase)) { //build the secure uri System.UriBuilder secureUrlBuilder = new UriBuilder(currentUrl); secureUrlBuilder.Scheme = "https"; //use the default port. secureUrlBuilder.Port = -1; //redirect and end the response. System.Web.HttpContext.Current.Response.Redirect(secureUrlBuilder.Uri.ToString(),true); } }Courtesy of https://www.ultimasupport.net/Customer/KBArticle.aspx?articleid=34
donkiely
All-Star
15929 Points
2518 Posts
ASPInsiders
Moderator
MVP
Re: How to convert Http into Https using SSL in IIS?
Jun 10, 2007 06:29 PM|LINK
ausideveloper,
A nice alternate technique. I don't often think of UriBuilder, but it is a useful class.
Unfortunately, it still means that the original data is posted in cleartext before the redirect.
Thanks,
Don
In the Last Frontier, Interior Alaska
Please post questions and replies to the forum! And remember to MARK AS ANSWER when someone definitively answers a question or resolves a problem!
Manmadhan
Member
67 Points
165 Posts
Re: How to convert Http into Https using SSL in IIS?
Oct 06, 2008 08:30 PM|LINK
Happened to go through this post. So is there any way to pass http:// to https:// in a secure way without using cleartext?
Kichu.