Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use HTTPS in an ASP.Net Application

Tags:

asp.net

https

I want to use HTTPS in my ASP.NET web application, but only for the Login.aspx page.

How can this be accomplished?

like image 499
Mon Aung Avatar asked Feb 12 '09 02:02

Mon Aung


People also ask

What is SSL in asp net?

Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.


2 Answers

  1. First get or create a certificate

  2. Get the SecureWebPageModule module from http://www.codeproject.com/Articles/7206/Switching-Between-HTTP-and-HTTPS-Automatically-Ver. Instructions for setup can be found in the article.

  3. Add secureWebPages tag to web.config

    <configuration>     ...     <secureWebPages enabled="true">         ...     </secureWebPages>     ...     <system.web>         ...     </system.web> </configuration> 
  4. Add files and directories to be use for https protocol:

    <secureWebPages enabled="true">     <file path="Login.aspx" />     <file path="Admin/Calendar.aspx" ignore="True" />     <file path="Members/Users.aspx" />     <directory path="Admin" />     <directory path="Members/Secure" /> </secureWebPages>  

Hope this helps!

like image 171
Talley Avatar answered Sep 30 '22 08:09

Talley


You can publish your own certificate or you can purchase one. The caveat is that purchasing one, depending on the company, means that it's already stored in the certificate store for most browsers. Your self published one will not be and your users will have to take the extra step of installing your cert.

You don't say what version of IIS you're using, but here are some detailed instructions for IIS 6

You can purchase relatively cheap certs or you can go with the big boys (verisign) and get an extended validation certificate which turns your address bar in IE, green. It's also a somewhat rigorous validation process and takes time.

If you know all of the users that will be hitting your website, there's no problem with installing your own. However, for an open website with anonymous users (that you don't know), it's probably best to purchase one that is already in most major browsers, certificate stores.

You can enable SSL via IIS and require it for only your login.aspx page and not for the rest.

like image 29
GregD Avatar answered Sep 30 '22 07:09

GregD