VS.NET and HTTPS

[mike parr]

I have written a couple of HTTPS websites using notepad, and now I'm
trying to write one in VS.NET but I'm having a few problems. I need a
default file in the root folder which redirects to a secure folder where
all my files (excluding bin folder, web.config) reside.

To start off with I developed all my files as normal and then tried to
cut and paste them to the secure folder. This didn't work, so then I
tried changing the Inherits part of the aspx to secure.filename rather
than root.filename, the namespace of the cs file from rootname to secure
and I also changed the file location in the solution file. This still
doesn't work.

There's probably a very simple solution to this, can somebody please
tell me what it is!


Cheers,

Mike




*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

 

[Cowboy \(Gregory A. Beamer\) [MVP]]

Use global.asax. You need to work with the BeginRequest() function

protected void Application_BeginRequest(Object sender, EventArgs e)
{
string RequestURL = Request.Url.ToString();
if(RequestURL.StartsWith("http://"))
{
Response.Redirect(RequestURL.Replace("http:","https:"));
}
}

This is a redirect in the same app. You can also go to a different site, if
you wish. This script makes all http communication switch to https instead.
You should be able to tailor this for your use.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************
I have written a couple of HTTPS websites using notepad, and now I'm
trying to write one in VS.NET but I'm having a few problems. I need a
default file in the root folder which redirects to a secure folder where
all my files (excluding bin folder, web.config) reside.

To start off with I developed all my files as normal and then tried to
cut and paste them to the secure folder. This didn't work, so then I
tried changing the Inherits part of the aspx to secure.filename rather
than root.filename, the namespace of the cs file from rootname to secure
and I also changed the file location in the solution file. This still
doesn't work.

There's probably a very simple solution to this, can somebody please
tell me what it is!


Cheers,

Mike




*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

 

[Mike P]

Gregory,

Originally I changed all my redirects to the full URL (http:etc) rather
than the relative path (page1.aspx). But doing this lost me my session
variables. Would your method not cause the same problem?


Thanks,

Mike



*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

 

[Cowboy \(Gregory A. Beamer\) [MVP]]

I have not tested the http to https transfer and session vars. I normally
kick the person over as step one for HTTPS sites. I also have a backup for
session information. When a user is in session, I load his information in a
session user object. If the object is ever blank, I re-grab his credentials
and reload. I am a bit skittish about session, having experienced problems
in traditional ASP.

Here is an easy test. Change the redirect where it sends ?session=" +
Session.SessionID.ToString(). On the redirect page, have the following: (C#,
let me know if you are in another language and cannot translate):

In page_Load

string OriginalSession = Request.QueryString("session").ToString().Trim();
string CurrentSession = Session.SessionID.ToString().Trim();

if(OriginalSession == CurrentSession)
Response.Write("Session is the same ID<br/>");
else
Response.Write("Session is NOT the same ID<br/>");

Response.Write("Original Session: " + OriginalSession + "<br/>");
Response.Write("Current Session: " + CurrentSession + "<br/>");

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************
Think Outside the Box!
************************************************