tags:

views:

203

answers:

3

Hi,

I've got an ASMX web service that works great through an SSL conection, but I would like to make these web services inaccessible without SSL.

In web forms, I would just use the following code:

if (!Request.IsSecureConnection) Response.Redirect ("SomeOtherPage.aspx");

I know that WCF promises to be better in every way, but it's a real PITA to get something simple done with a tool as complicated as WCF.

John

A: 

Easy. Make a website in IIS that is only SSL and put this page in it. Don't allow non-SSL connections to this website

Hogan
+1  A: 

In IIS (I can't remember exactly which version so it may have moved) under the security tab of the website or virtual directory you can set it to 'require secure channel'. This will force it to require https unless I'm mistaken.

Bryan McLemore
+1  A: 

I have some other stuff on my site that is open to the public, so I chose not to take the IIS route. I did find a simple way in the asmx service to take care of the problem:

if (!this.Context.Request.IsSecureConnection)
    return null;
John Hoge