Ask a Question related to ASP.NET Security, Design and Development.
-
Stephen Walch #1
Redirect to SSL for entire ASP.NET application
I wish to enforce SSL for an entire ASP.NET application (including the
custom authentication page and all other pages). To achieve this, I am
using the "Require SSL" on the Virtual Directory in IIS. This works, but
when users hit the non-SSL version of the page (http:/...) they get an ugly
error message. Is there a way to automatically redirect to the SSL version
of the page (https:/...) instead?
I have searched for information and tried a couple approaches that I could
not get to work on my system. What is the best way to do this on Windows
2003?
Thanks!
- Steve
Stephen Walch Guest
-
URL redirect in application file
hi, I am trying to direct users from a URL they can put directly in the browser. The URL they put in might look like this: ... -
redirect to guest if first redirect is doesnt work for a user
Hi all, I was wondering if anyone could help me solve a problem Once a user hits a certain webpage ..I try to redirect them to another using... -
Capturing the entire URL
Hello all, Been playing around with capturing the entire URL. I dont have any problems if it a file, i.e. http://www.mydomain.com/somefile.php, I... -
[PHP] Value for entire file
On Friday 18 July 2003 12:40, Uma Shankari T. wrote: You should be using correctly formed HTML: <a href="..." xxx="..."> echo $_GET; //... -
Redirect to New Browser Window like Response.Redirect
That worked just fine for me as long as you put that open statement on one line rather than 2. "michel" <michely3k@yahoo.com> wrote in... -
MSFT #2 RE: Redirect to SSL for entire ASP.NET application
Hi Steve,
In the IIS configration, you set a customized web page for a particular
error in "Custom Errors". For example, the error when you access your web
page with "http" is 403.4. You can specify the custom web page for this
error.
Luke
Microsoft Online Support
Get Secure! [url]www.microsoft.com/security[/url]
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
MSFT Guest
-
Stephen Walch #3 Re: Redirect to SSL for entire ASP.NET application
I do not want to specify a custom web page. I want to automatically
redirect each http: request to the corresponding https: request. Surely I
do not have to set up a mapping for each and every page?
"MSFT" <lukezhan@online.microsoft.com> wrote in message
news:ucwnbFgvDHA.3068@cpmsftngxa07.phx.gbl...> Hi Steve,
>
> In the IIS configration, you set a customized web page for a particular
> error in "Custom Errors". For example, the error when you access your web
> page with "http" is 403.4. You can specify the custom web page for this
> error.
>
> Luke
> Microsoft Online Support
>
> Get Secure! [url]www.microsoft.com/security[/url]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>
Stephen Walch Guest
-
Brad #4 Re: Redirect to SSL for entire ASP.NET application
Stephen, something like the following would work for you.
VB.Net code in Global.asax:
Sub Application_BeginRequest(ByVal sender As [Object], ByVal e As EventArgs)
If Request.IsSecureConnection = False
Response.Redirect(Request.Url.ToString.Replace("ht tp:", "https:"))
End If
End Sub
One point that you probably already know: Once a client begins https with
your site then all request is that session should be https unless "http" is
hardcoded in somewhere or client manually mistypes a url.
Brad
"Stephen Walch" <swalch@proposion.com> wrote in message
news:OCuOC5kvDHA.2148@TK2MSFTNGP12.phx.gbl...web> I do not want to specify a custom web page. I want to automatically
> redirect each http: request to the corresponding https: request. Surely I
> do not have to set up a mapping for each and every page?
>
> "MSFT" <lukezhan@online.microsoft.com> wrote in message
> news:ucwnbFgvDHA.3068@cpmsftngxa07.phx.gbl...> > Hi Steve,
> >
> > In the IIS configration, you set a customized web page for a particular
> > error in "Custom Errors". For example, the error when you access your>> > page with "http" is 403.4. You can specify the custom web page for this
> > error.
> >
> > Luke
> > Microsoft Online Support
> >
> > Get Secure! [url]www.microsoft.com/security[/url]
> > (This posting is provided "AS IS", with no warranties, and confers no
> > rights.)
> >
>
Brad Guest
-
Stephen Walch #5 Re: Redirect to SSL for entire ASP.NET application
This solved our problem. Thanks!
"Brad" <nospam@co.lane.or.us> wrote in message
news:urRkY5nvDHA.2360@TK2MSFTNGP10.phx.gbl...EventArgs)> Stephen, something like the following would work for you.
>
> VB.Net code in Global.asax:
>
> Sub Application_BeginRequest(ByVal sender As [Object], ByVal e Asis> If Request.IsSecureConnection = False
> Response.Redirect(Request.Url.ToString.Replace("ht tp:", "https:"))
> End If
> End Sub
>
> One point that you probably already know: Once a client begins https with
> your site then all request is that session should be https unless "http"I> hardcoded in somewhere or client manually mistypes a url.
>
>
> Brad
>
>
> "Stephen Walch" <swalch@proposion.com> wrote in message
> news:OCuOC5kvDHA.2148@TK2MSFTNGP12.phx.gbl...> > I do not want to specify a custom web page. I want to automatically
> > redirect each http: request to the corresponding https: request. Surelyparticular> > do not have to set up a mapping for each and every page?
> >
> > "MSFT" <lukezhan@online.microsoft.com> wrote in message
> > news:ucwnbFgvDHA.3068@cpmsftngxa07.phx.gbl...> > > Hi Steve,
> > >
> > > In the IIS configration, you set a customized web page for athis> web> > > error in "Custom Errors". For example, the error when you access your> > > page with "http" is 403.4. You can specify the custom web page for>> >> > > error.
> > >
> > > Luke
> > > Microsoft Online Support
> > >
> > > Get Secure! [url]www.microsoft.com/security[/url]
> > > (This posting is provided "AS IS", with no warranties, and confers no
> > > rights.)
> > >
> >
>
Stephen Walch Guest
-
Redirect to SSL for entire ASP.NET application
include the following in the head section :
<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL as string
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables
("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables
("URL")
Response.Redirect(strSecureURL)
End If
%>
this forces the page to load over SSL
Hope it helps.
Arno Broeders
(including the>-----Original Message-----
>I wish to enforce SSL for an entire ASP.NET applicationachieve this, I am>custom authentication page and all other pages). ToThis works, but>using the "Require SSL" on the Virtual Directory in IIS.(http:/...) they get an ugly>when users hit the non-SSL version of the pageto the SSL version>error message. Is there a way to automatically redirectapproaches that I could>of the page (https:/...) instead?
>
>I have searched for information and tried a couplethis on Windows>not get to work on my system. What is the best way to do>2003?
>
>Thanks!
>- Steve
>
>
>.
>Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
