If my login pages are https, does it matter if "requireSSl" is true in the forms tab of the web config?
Currently I am redirecting pages with IIS to HTTPS. When I set requiressl it seems to cause problems.
Can someone put the two settings in perspective. thanks
if you set https at the server level then requireSsl does not matter (setting it on or off should not make any difference). After setting https required, set a redirect as mentioned in this article:
http://www.jppinto.com/2009/01/automatically-redirect-http-requests-to-https-on-iis-6/
==== reference http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.requiressl.aspx
You can specify in the Web.config file for your ASP.NET application whether SSL (Secure Sockets Layer) is required to return the forms-authentication cookie to the server by setting the requireSSL attribute