Background: I have a asp.net webapplication project that should contain a public and a member area. Now I want to implement a SSL decription to secure communication between the client and the server. (In the university we have an unsecured wireless network and you can use a wlan sniffer to read username/password. I do not want to have this security problem for my application, so I thought of a ssl decription)
The application is running on a IIS 7.5. Is it possible to have one webapp that has unsecured pages (like the public area) and a secured area (like the member area, which requires a login)? If yes, how can I relealise the communication between these too areas?
Example:
My webapp is hosted on http://foo.abc
.
I have pages like http://foo.abc/default.aspx
and http://foo.abc/foo.aspx
.
In the same project there is a page like /member/default.aspx
which is protected by a login on the page http://foo.abc/login.aspx
.
So I would need to implement SSL for the page /login.aspx
and all pages in /member/
How can I do that? I just found out how to create SSL certificates in IIS 7.5 and how to add such a binding to a webapp. How how can I tell my webapp which page should be called with https and not with http. What is the best practise there?
From here How to use HTTPS in an ASP.Net Application
After you get SSL setup/installed, you want to do some sort of redirect on the login page to https://. Then whatever page the user is sent to after validation, it can just be http://.
Protected Sub Page_PreRender(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.PreRender
If Request.IsSecureConnection = False And _
Not Request.Url.Host.Contains("localhost") Then
Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"))
End If End Sub
This may be easier to implement on a master page or just all the pages you require https. By checking for "localhost" you will avoid getting an error in your testing environment (Unless your test server has another name than check for that: "mytestservername").
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With