Last post Oct 06, 2008 07:13 PM by spbtech
Oct 03, 2008 07:20 PM|spbtech|LINK
I have developed a site and its SSL enabled. The web site is as https://employee/salesdept/ for the sales employee to login. if the user types without the S. ie.
http://employee/salesdept/ it gives an error page as Secure channel required. let me know how i can redirect this type of entry by the users to
https://employee/salesdept/ automatically and display them the login page to logon. i think there would be some way to do this is IIS server. Any info regarding this would be helpful.
Oct 03, 2008 10:53 PM|AMR_PHASE|LINK
this should apply...
Oct 03, 2008 10:55 PM|gpgpu|LINK
In the Page_Load method of the code_behind of your login page (or the very first page), you can use Request.ServerVariables[xxx] to determine the URL information. So, if it is
http://employee/salesdent/, you can do: Response.Redirect(https://employee/salesdept).
I ever used server port to do this kind of redirection
if (Request.ServerVariales[SERVER_PORT] == "80) Response.Redirect(xxxxxx);
But you can certainlyl use other server variables based on your situation.
Hope this will help.
Oct 03, 2008 11:07 PM|AMR_PHASE|LINK
another option is to to check the Request.IsSecureConnection property. This way you are not dependant on the port number... just in case you have a website on a different port...
Oct 06, 2008 07:13 PM|spbtech|LINK
Thanks for your reply. I have found out the best way to configure it in IIS. Hope this would be an info for others who face similar issues.
Open IIS Manager and select properties for the website for which you want to require SSL. For TCP port, enter any unused port other than port 80 (the default HTTP port). For example, use 8888. For SSL port, enter the default SSL port, which is 443. Now go
to the Directory Security tab... Secure communications... Edit... Set the "Require secure channel (SSL)" (required) and "Require 128-bit encryption" (optional, but recommended). Restart IIS. Browse to
http://server.example.com:8888 now and you will get "The page must be viewed over a secure channel". So far, so good.
Create a brand new IIS website by right-clicking... New... Web site... Click Next and give the website a name such as "Redirect to SSL". Click Next... For TCP port, choose port 80, the default HTTP port. For path, point it to c:\inetpub\wwwroot. (It doesn't
really matter as we'll be changing this in a minute.) Click Next... Give it Read permissions. Click Next... Finish... to create the website. Right-click, properties on the new website. Select the Home Directory tab. Change "The content for this resource should
come from:" to "A redirection to a URL". In the "Redirect to:" textbox, enter
https://server.example.com. You can also optionally select "A permanent redirection for this resource", which will cause bookmarks to update to the new URL. DO NOT, I repeat, DO NOT select "The exact URL entered above" or "A directory below URL entered".
Restart IIS. Now browse to http://server.example.com and you'll be redirected to the SSL site. Note that the path portion of the URL is preserved and only the protocol and server are modified. So
http://server.example.com/some/path/deep/within/my/app.aspx will redirect to
https://server.example.com/some/path/deep/within/my/app.aspx just by applying the redirection steps noted above.
N.B. The redirect URL is sent back to the client. So if you type
https://localhost as the redirect, the client browser will try to redirect to localhost on the client's machine, which probably won't exist. Same thing goes for NetBIOS names. (e.g.
https://server rather than