Tuesday, March 20, 2007

HTTP & HTTPS / SSL in ASP.Net Applications

If you have the requirements to need to implement https / SSL in the asp.net application.

To avoid popup notifications for partial secured page in IE, make sure to modify references from http:// to https:// (e.g. image references, script sources, etc)

There are several way to implement the SSL in the applications, depends on the requirements :
1. Fully secured : All pages in the application will be using https://
2. Partial secured : Only certain pages in the application will be using https://, for example : login page, data submission page, reporting page, etc.

I found 2 interesting articles how to implement this partial SSL :
1. http://www.codeproject.com/useritems/switchprotocol.asp
This is a simplier solution for partial secured pages, but will need to recompile if suddenly the users need other pages to be secured :P
2. http://www.codeproject.com/aspnet/WebPageSecurity_v2.asp
This is more complete solution for partial secured pages, we can easily change the file / directory path that we need to secure in the configuration file.

PS : As you try the sample code, the session information can still be retrieved when switching from http to https vice versa.

There's a tool from microsoft called IISDiagnostic Tools, you can use the SSL Diagnostic to setup a temporary SSL certificate in your local, so you can use this to do the SSL testing locally.
http://www.microsoft.com/windowsserver2003/iis/diagnostictools/default.mspx

2 comments:

r4 ds card said...

Thanx for the information. I am new at programming. I had to establish SSL between clint and server. Now I understood why and how. Keep posting. Thanx a lot.

Ravi Kumar said...

How to transfer web application URL Http to Https using IIS Manager. Please follow the below steps:

1: Obtain a certificate from the IIS manager
2: Create an SSL binding
3: Verify the binding
4: configure ssl setting

for more details please visit:
http://www.etechpulse.com/2012/12/convert-http-web-url-to-https-using.html[^]

Post a Comment