I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.

The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.

Is there a way for this to work in IIS 6.0?


Edit:

I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.

A: 

Which language/framework are you using?

You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.

Adam
Also if you want to get really fancy you could create an overload for this function that if you don't provide the page name in the parameter then it just reads it from the HttpRequest object.
Adam
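
One way to write the function this answer describes, as an added example (not code from the answer or from any project named on this page): it takes the host from the current request, so no server name is hard-coded per link, but echoes it into the redirect only if it is on an allowlist, because the Host header is client-supplied. `HttpsRedirect`, `AllowedHosts` and the host names are assumptions; HTTPS is assumed to be on port 443.

```vbnet
Imports System
Imports System.Web

' Added example: hypothetical helper, not code from any answer on this page.
Public Class HttpsRedirect

    ' Assumption: the host names this site answers to in each environment.
    ' Request.Url is built from the client-supplied Host header, so the host
    ' is only copied into a Location header when it matches an entry here.
    Private Shared ReadOnly AllowedHosts As String() = New String() _
        {"www.example.com", "dev.example.com", "localhost"}

    ' Returns the https:// form of a site-relative path, or of the current
    ' request when relativePath is Nothing, using the current request's host.
    Public Shared Function BuildHttpsUrl(ByVal request As HttpRequest, _
            Optional ByVal relativePath As String = Nothing) As String
        Dim host As String = request.Url.Host.ToLowerInvariant()
        If Array.IndexOf(AllowedHosts, host) < 0 Then
            Throw New HttpException(400, "Unexpected host name")
        End If

        Dim target As String = relativePath
        If target Is Nothing Then
            target = request.RawUrl   ' path and query string of this request
        End If

        ' Accept only site-relative paths ("/x"), never "//host" or "/\host",
        ' so the helper cannot be used to redirect to another site.
        If Not target.StartsWith("/", StringComparison.Ordinal) _
           OrElse target.StartsWith("//", StringComparison.Ordinal) _
           OrElse target.StartsWith("/\", StringComparison.Ordinal) Then
            Throw New ArgumentException("Path must be site-relative", "relativePath")
        End If

        Return "https://" & host & target
    End Function

    ' Redirects the current request to HTTPS; does nothing when the request
    ' is already secure and no other page was asked for.
    Public Shared Sub RedirectToHttps(Optional ByVal relativePath As String = Nothing)
        Dim ctx As HttpContext = HttpContext.Current
        If ctx.Request.IsSecureConnection AndAlso relativePath Is Nothing Then
            Return
        End If
        ' Response.Redirect sends a 302 and ends the response.
        ctx.Response.Redirect(BuildHttpsUrl(ctx.Request, relativePath), True)
    End Sub
End Class
```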
A: 

Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.

I've used this for a project, and it works really well.

AaronS
That looks interesting, but I'm not sure it will actually work in my case. The directory that I'm linking to already has the Umbraco back office application sitting there.
Shea Daniels
All this does is look at the directory or file that the person is trying to hit, and if it's configured to be secure (in the web.config) it just redirects them from http to https. It shouldn't matter what else is in the directory.
AaronS
+1  A: 

Here's a simple solution in VB.NET:

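' Importing the HttpContext class makes its shared member Current available unqualified
Imports System.Web.HttpContext

' Place this Sub inside a class (for example a page base class or a helper class)
Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
  If bEnable Then
    ' Page must be secure: redirect plain HTTP requests to the HTTPS host
    If Not Current.Request.IsSecureConnection Then
      Dim strHTTPS As String = "https://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      ' RawUrl is the path and query string of the current request
      Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
      Current.Response.End()
    End If
  Else
    ' Page does not need SSL: redirect HTTPS requests back to the HTTP host
    If Current.Request.IsSecureConnection Then
      Dim strHTTP As String = "http://www.mysite.com"
      Current.Response.Clear()
      Current.Response.Status = "301 Moved Permanently"
      Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
      Current.Response.End()
    End If
  End If
End Sub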

Usage:

'Enable SSL
SetSSL(True)

'Disable SSL
SetSSL(False)

You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.

I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx

You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.

Steve Wortham
A: 

This is the same answer I gave here:

Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:

http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

So you can set up a page to be secure in your web.config like this:

<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
    <files>
      <add path="/MustBeSecure.aspx" secure="Secure" />
    </files>
</secureWebPages>
Keltex
A: 

We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.

Shea Daniels