473,573 Members | 2,833 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

http vs https

I've created an asp.net 2.0 site that has secure and non secure pages
so, obviously, it has a login page. The web.sitemap file has the url
set to the relative location of the page, meaning https isn't
specified. Because my machine and any other developer will have a
certificate installed, we get a Security Alert dialog box. Click Yes
and get routed to the login page in https mode. User logs in and
continues in https mode, all is fine. Here's the question. When
sitting on the login page the first time (https is the mode), and I
click any link in my menu, meaning any page exposed to the public, I
can't get out of https mode! How do you toggle the mode? What
I've tried is creating an http module that intercepts the
PreRequestHandl erExecute method (code is below). This sort of works
except that I have two other pages on the login page that, once on
them, if I click in the menu, I need to get out of https mode. I was
hoping I wouldn't have to hard code them in the second if statement.
Can anyone shed some light on this?

Here's the code for trying to switch modes:

Dim ctx As HttpContext = HttpContext.Cur rent
If ctx.Request.IsA uthenticated = True AndAlso
ctx.Request.IsS ecureConnection = False Then
ctx.Response.Re direct(ctx.Requ est.Url.ToStrin g.Replace("http :",
If ctx.Request.IsA uthenticated = False AndAlso _
ctx.Request.IsS ecureConnection = True AndAlso _
ctx.Request.Url .ToString.ToLow er.IndexOf("web resource.axd") = -1
AndAlso _
Not ctx.Request.Cur rentExecutionFi lePath.ToLower =
FormsAuthentica tion.LoginUrl.T oLower Then

ctx.Response.Re direct(ctx.Requ est.Url.ToStrin g.Replace("http s:",
End If
End If

Any feedback is greatly appreciated!

Sep 8 '06 #1
1 2442
"jdp" <ja***********@ pacourts.uswrot e in message
news:11******** **************@ e3g2000cwe.goog legroups.com...
Can anyone shed some light on this?
This is precisely what you're looking for...
Sep 8 '06 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: NotGiven | last post by:
I need to verify if the page that led the user to this page used http or httpS. for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php I want to know as opposed to coming from: http://www.dm.com/sample/foo.php I've tried looking at PORT but it doesn't seem to work properly.
by: Bob Hansen | last post by:
I am using the following code in my default.asp page to redirect the page from HTTP to HTTPS <% if Request.ServerVariables("HTTPS") = "off" Then Response.Redirect("https://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL"))
by: Astra | last post by:
Hi All I've noticed on quite a few ASP sites that when they have a 'MyAccount' section they transfer the site to https and then when you have logged into your account successfully and gone back to the majority of the site you move back to http whilst still being logged in. I've used the Session var method before to check if a user can...
by: McKirahan | last post by:
I have an ASP site, an SSL certificate, and an {Order page}. I want to use "https" for the {Order page} and "http" for all others. Each page "includes" a common ".asp" file which detects the current protocol and page via the Request.ServerVariables(): "SERVER_PORT_SECURE" and "SCRIPT_NAME", respectively. ( If "SERVER_PORT_SECURE" = 1...
by: Grunff | last post by:
I'm experiencing an interesting problem with carrying a php session over from http to https. Much googling later, I'm still stuck. The application is an online shop, where some user data is stored in the session. As the user proceeds to checkout, we switch over to https. This is all done on the same physical server, under the same domain...
by: E | last post by:
I have a https login page with C# code FormsAuthentication. After logging in, my https pages recognize that I'm logged in. My http pages do not. It's as if it's considering these pages under a different domain. Am I going to have to make my entire site https? Any help/guidance is appreciated. Thanks, E
by: david | last post by:
I have developed web forms including login by using ASP.NET via HTTP. Now I want to secure the connection from client to the server via HTTPS. How can I configure the server or something else to make the change? Thank you David
by: bkasmai | last post by:
My asp.net application (developed using vs2003) runs fine on a windows 2000 server using iis 5.0. Our network manager wants to do away with any http connections and only use https for services that are used by external users. I have not got a clue how to go about this. My users are authenticated directly by querying a sql table where the user...
by: howa | last post by:
a page currently in HTTPS, I force the client to redirect to another page using HTTP under the same domain (e.g. abc.com), i.e. header("Location: http://www.abc.com/index.php"); IE successfully redirect to HTTP, but FF & Opera stay on the HTTPS any suggestions?
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.