tags:

views:

55

answers:

4
+2  Q: 

Forcing SSL (https) on a page by page basis

How can I set up my page load event in my code behind to redirect to an url that has an https prefix? I would need it to work with urls that have query strings attached too.

It's one thing to construct a link that goes straight to the https page, but I don't want the user to be able to manually change it to an http page.

Also I don't want to do it with javascript because it might be turned off.

I'm guessing a regular expression?

A: 

Add this at the top of your Page_Load

if (Request.ServerVariables["HTTPS"] != "ON")
{
    Response.Redirect("https://" + Request["HTTP_HOST"] + Request.RawUrl);
}
jojaba  2010-09-09 23:54:00
That works but the browser is saying the page is in a redirect loop. So it won't show the content.
nick  2010-09-10 00:37:06
@Nick: There are much better answers posted.
jojaba  2010-09-10 00:46:55
+1  A: 

We mark our SSL Required pages with a special attribute ForceSslAttribute. Then we have a HttpModule that pulls down the current page's class and inspect it's attributes.

If the attribute is present on the page, it takes the exact url that was passed and changes the protocol from http to https then calls a redirect.

There's probably a bit simpler way of doing it, but that's how it's done for us.

Attribute:

[AttributeUsage(AttributeTargets.Class, AllowMultiple=false, Inherited=true)]
public sealed class ForceSslAttribute : Attribute
{
    // Marker Attribute
}

Page Example (CodeBehind):

[ForceSsl]
public partial class User_Login : Page
{
    //...
}

You can figure out the type of the page like this:

HttpContext.Current.CurrentHandler.GetType()

All Page's implement IHttpHandler and when you're visiting a page, it'll work.

The cool part about this method is you can mark anything that's an IHttpHandler and it'll force the redirect too :)

Aren  2010-09-09 23:54:48
A: 

I use the following in Global.asax Application_BeginRequest

If needsSSL <> Request.IsSecureConnection Then
    If needsSSL Then
        Response.Redirect(Uri.UriSchemeHttps + Uri.SchemeDelimiter + Request.Url.Host +  Request.Url.PathAndQuery, True)
    Else
        Response.Redirect(Uri.UriSchemeHttp + Uri.SchemeDelimiter + Request.Url.Host + Request.Url.PathAndQuery, True)
    End If
End If
radimd  2010-09-10 00:12:18
A: 

There is an IIS7 module for URL rewriting. Very handy, but you need access to the IIS and it requires some time to learn how to write the rules. A simple http->https rule is a matter of seconds.

Just be careful because any rules you add will be stored in your web.config, so don't delete/override it or you will have to write them again.

Erik  2010-09-17 00:46:32

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?