469,934 Members | 1,873 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,934 developers. It's quick & easy.

Redirect to a secure page using HTTPS without an absolute URL

Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.
Nov 17 '05 #1
3 13809
Hi

you can use

response.redirect(Request.ApplicationPath + "/Homepage.aspx");

rajeev
"Pooja Renukdas" <po****@metasyssoftware.com> wrote in message news:u0**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.

Nov 17 '05 #2
You can do the following. Obviously, you'll have to change the code a bit
to suit what you want, but i guess you can derive it from this...
if(Request.ServerVariables["HTTPS"].ToLower() == "off")
{
strBaseURL = "http://";
}
else
{
strBaseURL = "https://";
}
strBaseURL = strBaseURL + Request.ServerVariables["SERVER_NAME"] + ":";
strBaseURL = strBaseURL + Request.ServerVariables["SERVER_PORT"];
strBaseURL = strBaseURL + Request.ServerVariables["URL"];
"Pooja Renukdas" <po****@metasyssoftware.com> wrote in message
news:u0**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.

Nov 17 '05 #3
Pooja,

There are a few ways to accomplish your task. I'll list a couple.

1.) You could add a few lines of code to your Global.asax file for the
Application_BeginRequest event handler. This handler would simply check the
current page request, via Request.Path.EndsWith("/PageName.aspx"), for
either of the two pages you need to be secure. Once it's determined if the
page requested needs to be secure, check Request.IsSecureConnection to see
if the request was already made via HTTPS. If not, redirect to
Request.Path.Replace("http://", "https://"). If the requested page is not
one of those two pages yet Request.IsSecureConnection returns True, then
redirect to Request.Path.Replace("https://", "http://") to undo the secure
connection.

2.) Another alternative is to create an HttpModule that you can install with
each project, or for the entire server via machine.config, that reads a
custom configuration section from your web.config file for the pages and
directories that need to be secured and any pages and directories that
should be ignored (i.e. requests that should remain in the protocal they
were requested). This class would read those pages into a searchable
collection and test for a match with the current requested page from the
BeginRequest event once again. A decision to redirect is made there.

Have fun,
Matt

"Pooja Renukdas" <po****@metasyssoftware.com> wrote in message
news:u0**************@TK2MSFTNGP11.phx.gbl...
Hello,

I have this web site where only two pages have to be secure pages and
I need to call them using https, but since I have my development
server and my production web server, I dont want to enter the absolute
url like
response.redirect("https://myProductionServer.com/SecurePage.aspx"),
because when Im working in the development server I would have to
change it back and forth everytime. Is there an easy way to do this
without having to put the absolute address. And also, when Im finished
with the secure pages, how do I go back to non-secure? just entering
the address again just as http:// ? and again, how do I do it without
using the whole URL. Cause in that case I would have to specify the
absolute URL everywhere the users can click and go to another page,
cause if they are in a secure session, and they move to another page
without specifiying if it's https or just http, I think it would keep
the https no matter what kind of page it is, unless I specify
everywhere when it has to be https or http. I hope I make sense here.

Thanks a lot.
Nov 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Brian Henry | last post: by
2 posts views Thread by Sergej Prokoviev | last post: by
7 posts views Thread by =?Utf-8?B?YzY3NjIyOA==?= | last post: by
2 posts views Thread by RuthC | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.