If you have the requirements to need to implement https / SSL in the asp.net application.
To avoid popup notifications for partial secured page in IE, make sure to modify references from http:// to https:// (e.g. image references, script sources, etc)
There are several way to implement the SSL in the applications, depends on the requirements :
1. Fully secured : All pages in the application will be using https://
2. Partial secured : Only certain pages in the application will be using https://, for example : login page, data submission page, reporting page, etc.
I found 2 interesting articles how to implement this partial SSL :
1. http://www.codeproject.com/useritems/switchprotocol.asp
This is a simplier solution for partial secured pages, but will need to recompile if suddenly the users need other pages to be secured :P
2. http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp
This is more complete solution for partial secured pages, we can easily change the file / directory path that we need to secure in the configuration file.
PS : As you try the sample code, the session information can still be retrieved when switching from http to https vice versa.
There's a tool from microsoft called IISDiagnostic Tools, you can use the SSL Diagnostic to setup a temporary SSL certificate in your local, so you can use this to do the SSL testing locally.
http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx
Tuesday, March 20, 2007
HTTP & HTTPS / SSL in ASP.Net Applications
Subscribe to:
Post Comments (Atom)
2 comments:
Thanx for the information. I am new at programming. I had to establish SSL between clint and server. Now I understood why and how. Keep posting. Thanx a lot.
How to transfer web application URL Http to Https using IIS Manager. Please follow the below steps:
1: Obtain a certificate from the IIS manager
2: Create an SSL binding
3: Verify the binding
4: configure ssl setting
for more details please visit:
http://www.etechpulse.com/2012/12/convert-http-web-url-to-https-using.html[^]