Hi,
I have read some articles regarding enabling SSL for website hosted in IIS6. I am not able to find the following info. Please anyone help me.
I have a website hosted in IIS 6. I want selected pages in that to be accessible thru ssl (https://). All other pages must be accessible only by http://.
I have successfully imported server certificate and checked specific pages as "Require SSL". But when an https page (say page1)is redirected to http page(page2), the latter(page2) is requested as https and not http. I have relative urls in all my links and server.transfers. so any transfer to non ssl page, thru relative url, from a ssl page is called as https.
Is there anyway to modify setting in IIS 6 so that http pages are not accessible by https requests. I tried writing a small piece of code in Application_BeginRequest() in global.asax.vb file.
'if page is not configured to Required SSL in IIS, redirect as http request
If
Request.IsSecureConnection = False And Request.Url.ToString().IndexOf("https://") >= 0 ThenResponse.Redirect(Request.Url.AbsoluteUri.Replace("https://", "http://"))
End If
The above code did not work, as Request.IsSecureConnection is based on whether Request is http or https and not if the page is ssl enabled or not.
Please let me know how to switch easily. Should we change the code in APP?
Thanks in advance!!