Redirect to a secure page using HTTPS without an absolute URL

Hi

you can use

response.redire ct(Request.Appl icationPath + "/Homepage.aspx") ;

rajeev
"Pooja Renukdas" <po****@metasys software.com> wrote in message news:u0******** ******@TK2MSFTN GP11.phx.gbl...

Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redire ct("https://myProductionSer ver.com/SecurePage.aspx "),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.

You can do the following. Obviously, you'll have to change the code a bit
to suit what you want, but i guess you can derive it from this...
if(Request.Serv erVariables["HTTPS"].ToLower() == "off")
{
strBaseURL = "http://";
}
else
{
strBaseURL = "https://";
}
strBaseURL = strBaseURL + Request.ServerV ariables["SERVER_NAM E"] + ":";
strBaseURL = strBaseURL + Request.ServerV ariables["SERVER_POR T"];
strBaseURL = strBaseURL + Request.ServerV ariables["URL"];
"Pooja Renukdas" <po****@metasys software.com> wrote in message
news:u0******** ******@TK2MSFTN GP11.phx.gbl...

Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redire ct("https://myProductionSer ver.com/SecurePage.aspx "),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.

Pooja,

There are a few ways to accomplish your task. I'll list a couple.

1.) You could add a few lines of code to your Global.asax file for the
Application_Beg inRequest event handler. This handler would simply check the
current page request, via Request.Path.En dsWith("/PageName.aspx") , for
either of the two pages you need to be secure. Once it's determined if the
page requested needs to be secure, check Request.IsSecur eConnection to see
if the request was already made via HTTPS. If not, redirect to
Request.Path.Re place("http://", "https://"). If the requested page is not
one of those two pages yet Request.IsSecur eConnection returns True, then
redirect to Request.Path.Re place("https://", "http://") to undo the secure
connection.

2.) Another alternative is to create an HttpModule that you can install with
each project, or for the entire server via machine.config, that reads a
custom configuration section from your web.config file for the pages and
directories that need to be secured and any pages and directories that
should be ignored (i.e. requests that should remain in the protocal they
were requested). This class would read those pages into a searchable
collection and test for a match with the current requested page from the
BeginRequest event once again. A decision to redirect is made there.

Have fun,
Matt

"Pooja Renukdas" <po****@metasys software.com> wrote in message
news:u0******** ******@TK2MSFTN GP11.phx.gbl...
Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redire ct("https://myProductionSer ver.com/SecurePage.aspx "),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.