tags:

views:

136

answers:

1
+1  Q: 

ASP.NET MVC switching between secure to none secure content.

After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on.

Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: https://www.sitename.com/vdir/... Http links start with: http://www.sitename.com/...

Any idea what's causing this behavior?

Any help greatly appreciated. Thank you!

+2  A: 

Two different virtual directories cannot share session information in IIS 6, unless your are willing to use SQL State or a state server, and use the (unsafe?) cookieless session mode.

To accomplish the wanted behavior, open both port 80 and port 443 on the main site, so you can access them both with http://sitename.com and https://sitename.com. Then you can switch between http and https whenever you want. Just ditch the idea of different virtual directories for different protocols.

Jan Jongboom  2010-01-18 10:47:33
Thanks you! Since it was shared ssl (it's just a test site) I was forced to use a special virtual directory for the https connection.Will this be fine when I use the same directory for both (opening 80 and 443 ports)? Do all subdirectories share session info?According to the hosting company it's on IIS7, would that make a difference?
Debra  2010-01-18 15:26:46
You will need to enforce session sharing in IIS 7 between VD's. It's possible afaik, but I've never used it myself. If you have one website with multiple ports this will work as expected. Multiple subdirectories will share the same session as long as they are in the same virtual directory/website.
Jan Jongboom  2010-01-18 16:05:46
Hmm, I cannot find any prove for my earlier statement that this was possible in IIS 7. If anyone finds info on how to configure this, please add this to the answer :-)
Jan Jongboom  2010-01-18 16:08:01
Thank you Jan! In the real site we'll have our own certificate so that should be fine.
Debra  2010-01-18 21:09:59

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps