How can I future-proof my client URL links to my server for future HTTPS migration?

views:

answers:

How can I future-proof my client URL links to my server for future HTTPS migration?

I have a .net winforms client talking to my ruby on rails backend. If I move the website in the future I want to make sure that my API links from the client don't have to change.

Or is this something a hosting provider can let you configure.

Oh, and when I do migrate I will not want any non HTTPS to occur.

PS1 - I am not talking about moving servers here, just upgrading the existing web application server with a certificate and moving to HTTPS only traffic

If I understand the question correctly, I think you can solve this by using relative links everywhere; unless there's a reason you can't do that?

Sander Rijken 2009-12-14 22:07:11

need an absolute link in the windows client so it knows where to connect to the webservice (well it's really just a web API, not SOAP webservice)

Greg 2009-12-14 22:32:18

I think you need to look into DNS and how it works. It's not going to protect you against an HTTP to HTTPS migration but would allow you to move servers without re-engineering your code. Ideally I think you'd look to have a config setting in your code to switch from HTTP to HTTPS (and back) when necessary.

Lazarus 2009-12-14 22:10:44

so no server side trick/approach so the client doesn't need smarts then? I'm not talking about moving servers by the way, just upgrading the web application to have a certificate and move to HTTPS for all traffic

Greg 2009-12-14 22:35:17

+3 A:

Place a base url as a config parameter in your client application, then run all new links through a getLinkURL(String relativeDestination) method which will give you a full url.

If you're worried about clients that haven't been updated making non-http requests, in your http (non-secure) vhost just Redirect 301 / https:// on your server.

Matt 2009-12-14 22:28:55

its setting the base URL I'm worried about - the redirect sounds good - is this a server side redirect? i.e. transparent to the client?

Greg 2009-12-14 22:33:51

It's a http 301 code, redirected permanently, all browsers should implement that

Sander Rijken 2009-12-14 23:39:47

in my case however it's not a browser - it's a .net client???

Greg 2009-12-15 00:15:09

.net isn't my bag, but every reasonable http client library should support following redirects. It may or may not be on by default... check the API.

Matt 2009-12-15 01:18:54

arr, I see that "HttpWebRequest..::.AllowAutoRedirect Property, Gets or sets a value that indicates whether the request should follow redirection responses" - so I take it the proposed answer here is to then (A) arrange a redirect if a request comes in on HTTP, and (B) ensure the client does follow redirects. This the best overall answer then?

Greg 2009-12-15 01:30:02

Seems like a good plan... code your client to dynamically build URLs and follow server redirects, and then you have the flexibility to do what you wish on the server side... redirect to https, mod_rewrite, etc.

Matt 2009-12-15 02:01:11

ansaurus

tags:

views:

answers:

How can I future-proof my client URL links to my server for future HTTPS migration?

related questions