tags:

views:

4701

answers:

3
+1  Q: 

How to use HTTPS in ASP.Net appllication

Hi all

My Asp.Net web application has so many web pages.

But i want to use HTTPS for only Login.aspx page.

How can i do??? Pleaes Help me..... thanks

+1  A: 

You can enable HTTPS in your IIS config, but it won't be "secure" unless you acquire an SSL Certificate and plug it into IIS. Make sure you have port 443 open.

tsilb  2009-02-12 02:17:09
+4  A: 

You can publish your own certificate or you can purchase one. The caveat is that purchasing one, depending on the company, means that it's already stored in the certificate store for most browsers. Your self published one will not be and your users will have to take the extra step of installing your cert.

You don't say what version of IIS you're using, but here are some detailed instructions for IIS 6

You can purchase relatively cheap certs or you can go with the big boys (verisign) and get an extended validation certificate which turns your address bar in IE, green. It's also a somewhat rigorous validation process and takes time.

If you know all of the users that will be hitting your website, there's no problem with installing your own. However, for an open website with anonymous users (that you don't know), it's probably best to purchase one that is already in most major browsers, certificate stores.

You can enable SSL via IIS and require it for only your login.aspx page and not for the rest.

GregD  2009-02-12 02:21:19
+2  A: 

After you get SSL setup/installed, you want to do some sort of redirect on the login page to https://. Then whatever page the user is sent to after validation, it can just be http://. 

Protected Sub Page_PreRender(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.PreRender
    If Request.IsSecureConnection = False And _
        Not Request.Url.Host.Contains("localhost") Then

        Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"))
    End If
End Sub

This may be easier to implement on a master page or just all the pages you require https. By checking for "localhost" you will avoid getting an error in your testing environment (Unless your test server has another name than check for that: "mytestservername").

Jeff O  2009-02-12 02:24:06
i don't know how to redirect login page with HTTPS:// that is my problem. thanks
Mon Aung  2009-02-12 02:50:02
Add Guiness' code to the page that contains your login control. I'd probably actually move it to the top of page_load, or into OnInit, as that saves processing everything else, but this will work nicely.
Zhaph - Ben Duguid  2009-02-13 09:58:45

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps