J
jdp
I've created an asp.net 2.0 site that has secure and non secure pages
so, obviously, it has a login page. The web.sitemap file has the url
set to the relative location of the page, meaning https isn't
specified. Because my machine and any other developer will have a
certificate installed, we get a Security Alert dialog box. Click Yes
and get routed to the login page in https mode. User logs in and
continues in https mode, all is fine. Here's the question. When
sitting on the login page the first time (https is the mode), and I
click any link in my menu, meaning any page exposed to the public, I
can't get out of https mode! How do you toggle the mode? What
I've tried is creating an http module that intercepts the
PreRequestHandlerExecute method (code is below). This sort of works
except that I have two other pages on the login page that, once on
them, if I click in the menu, I need to get out of https mode. I was
hoping I wouldn't have to hard code them in the second if statement.
Can anyone shed some light on this?
Here's the code for trying to switch modes:
Dim ctx As HttpContext = HttpContext.Current
If ctx.Request.IsAuthenticated = True AndAlso
ctx.Request.IsSecureConnection = False Then
ctx.Response.Redirect(ctx.Request.Url.ToString.Replace("http:",
"https:"))
Else
If ctx.Request.IsAuthenticated = False AndAlso _
ctx.Request.IsSecureConnection = True AndAlso _
ctx.Request.Url.ToString.ToLower.IndexOf("webresource.axd") = -1
AndAlso _
Not ctx.Request.CurrentExecutionFilePath.ToLower =
FormsAuthentication.LoginUrl.ToLower Then
ctx.Response.Redirect(ctx.Request.Url.ToString.Replace("https:",
"http:"))
End If
End If
Any feedback is greatly appreciated!
so, obviously, it has a login page. The web.sitemap file has the url
set to the relative location of the page, meaning https isn't
specified. Because my machine and any other developer will have a
certificate installed, we get a Security Alert dialog box. Click Yes
and get routed to the login page in https mode. User logs in and
continues in https mode, all is fine. Here's the question. When
sitting on the login page the first time (https is the mode), and I
click any link in my menu, meaning any page exposed to the public, I
can't get out of https mode! How do you toggle the mode? What
I've tried is creating an http module that intercepts the
PreRequestHandlerExecute method (code is below). This sort of works
except that I have two other pages on the login page that, once on
them, if I click in the menu, I need to get out of https mode. I was
hoping I wouldn't have to hard code them in the second if statement.
Can anyone shed some light on this?
Here's the code for trying to switch modes:
Dim ctx As HttpContext = HttpContext.Current
If ctx.Request.IsAuthenticated = True AndAlso
ctx.Request.IsSecureConnection = False Then
ctx.Response.Redirect(ctx.Request.Url.ToString.Replace("http:",
"https:"))
Else
If ctx.Request.IsAuthenticated = False AndAlso _
ctx.Request.IsSecureConnection = True AndAlso _
ctx.Request.Url.ToString.ToLower.IndexOf("webresource.axd") = -1
AndAlso _
Not ctx.Request.CurrentExecutionFilePath.ToLower =
FormsAuthentication.LoginUrl.ToLower Then
ctx.Response.Redirect(ctx.Request.Url.ToString.Replace("https:",
"http:"))
End If
End If
Any feedback is greatly appreciated!