
Ensure page is only accessed via SSL

Tags: c#, asp.net, ssl

How do I ensure that my users can not physically type in http: to bypass my SSL and ensure that every page is https:?

Possibly a redirect on my master page?

Collin Estes asked Mar 26 '09 14:03



3 Answers

This would generally be handled via IIS configuration or with an ISAPI filter, but if you want to do it in the application code, you could put something like this in the Page_Init event of your master page...

' Redirect plain-HTTP requests to the same URL over HTTPS
If Not Request.IsSecureConnection Then
    Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"))
End If
Josh Stodola answered Sep 20 '22 20:09


I would just redirect all http urls to https with a separate page, or use the "require secure channel" option on your IIS configuration, which will display an error if someone tries to access a non-https page.

Here's a site with a guide to redirecting the error page to the https URL of your site.

Alex Fort answered Sep 19 '22 20:09


The following builds upon Josh Stodola's answer (IsSecureConnection) but uses the UriBuilder to change the scheme to https rather than a string replace. The benefit of this approach is that it won't change all the occurrences of "http" in the URL to "https".

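if (!Request.IsSecureConnection)
{
    // Rebuild the request URL with only the scheme changed
    UriBuilder newUri = new UriBuilder(Request.Url);
    newUri.Scheme = Uri.UriSchemeHttps;
    // UriBuilder copies the original port (80); -1 selects the default port for https
    newUri.Port = -1;
    Response.Redirect(newUri.Uri.AbsoluteUri);
}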
Daniel Ballinger answered Sep 21 '22 20:09
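
The difference between the string-replace and UriBuilder redirects above, as an added example that is not part of any answer on this page. It is a console program run over constructed URLs; `HttpsRedirect`, `ViaReplace`, `ViaUriBuilder` and `TryGetRedirect` are hypothetical names, and resetting `Port` to -1 assumes the site serves HTTPS on the default port.

```csharp
using System;

static class HttpsRedirect
{
    // First answer's approach: textual replace over the whole absolute URI.
    // Every "http://" in the string is rewritten, including one embedded
    // in a query-string value such as a return URL.
    public static string ViaReplace(Uri requestUrl) =>
        requestUrl.AbsoluteUri.Replace("http://", "https://");

    // Third answer's approach: change only the scheme component.
    // UriBuilder copies the source port (80 for http), so it is reset
    // to -1 to get the default port of the new scheme.
    public static string ViaUriBuilder(Uri requestUrl)
    {
        var builder = new UriBuilder(requestUrl);
        builder.Scheme = Uri.UriSchemeHttps;
        builder.Port = -1; // assumption: HTTPS listens on the default port
        return builder.Uri.AbsoluteUri;
    }

    // Returns false when the request already arrived over HTTPS,
    // so the caller never redirects a secure request to itself.
    public static bool TryGetRedirect(Uri requestUrl, out string target)
    {
        target = null;
        if (requestUrl.Scheme == Uri.UriSchemeHttps) return false;
        target = ViaUriBuilder(requestUrl);
        return true;
    }

    static void Main()
    {
        // Constructed sample request URLs (not taken from the page).
        string[] samples =
        {
            "http://example.com/login?returnUrl=http://partner.example/cb",
            "https://example.com/account",
        };

        foreach (string s in samples)
        {
            var url = new Uri(s);
            Console.WriteLine("request:    " + url.AbsoluteUri);
            Console.WriteLine("replace:    " + ViaReplace(url));
            Console.WriteLine(TryGetRedirect(url, out string target)
                ? "uribuilder: " + target
                : "uribuilder: (already HTTPS, no redirect)");
        }
    }
}
```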