tags:

views:

442

answers:

1

I am putting together a retail site and want to know what the 'correct' way to implement an SSL in a .Net project is? I realise that that is a bit open ended but i find the MS documentation on the matter a little confusing. I want the whole site to use SSL, and I have also read that the cookie used must also have certain switches turned on in order that it not be transmitted, even whilst using an ssl, and sebsequently can be read in plain text.

I'm using forms authentication and have set in my web.config file for the site to 'requireSSL' how do I 'force' each page to use the connection etc.?

I am on a shared host but their end is configured to use SSL but I have to force my pages to use it etc...

So configured my web.config file to use SSL in conjunction to forms authentication, paid and installed my SSL on my host, what's next? Its all windows technology.

+1  A: 

Is your host IIS, and if so you can force SSL within IIS:

http://www.sslshopper.com/article-forcing-ssl-in-iis.html

Now once you have that, you can just build your app as normal.

This will force SSL on every page.

James Campbell