473,322 Members | 1,431 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

How to imbed non-SSL links within SSL pages without using code

CW
I have pages, such as LogOn.aspx, Payment.aspx that enforces the use of SSL.

Every single one of my page embeds a header and menu server controls - which
have links to other pages that do not require SSL.

In the LogOn.aspx, it automatically detects in the page_load event (using
URL.Scheme property) whether SSL is running, and if not, redirect to itself
and replaces http by https in the url. This part runs fine.

However, all the other links on the logon page (including those on the menu
and header server controls) now have https rather than http as the URL
scheme. Is there anyway to get around it? The other pages do not require SSL
at all.

The method I have come up with is to turn all links into server controls,
and then modify its href property in Page_Load event. I think this adds way
too much unnecessary overhead. Is there any easier way of getting around it?

An alternative question is: if the whole site runs on SSL (i.e., I will not
stop turning SSL links into non-SSL links), is this going to cause any major
issues in terms of server load?

Another related question is whether SSL is necessary for LogOff.page. I use
FormsAuthentication (roll my own security).

A
Nov 18 '05 #1
2 1819
"CW" wrote:
However, all the other links on the logon page (including those on the menu
and header server controls) now have https rather than http as the URL
scheme. Is there anyway to get around it? The other pages do not require SSL
at all.
The way I do it, is to use absolute links everywhere, but without the protocol://hostname part. E.g. /home.aspx.

That means that I don't need to do any server-side processing of my navigation structure.

Once the person gets on to the SSL-version of the site, then they'll stay on SSL for any links that they follow, as all the links start with / . Whether this is a problem probably depends on the next question.
An alternative question is: if the whole site runs on SSL (i.e., I will not
stop turning SSL links into non-SSL links), is this going to cause any major
issues in terms of server load?
It has never been an issue for me, but obviously it depends on your site traffic and hardware. SSL requires more processor time for the encrypt / decrypt. You can buy dedicated hardware to do this also.
Another related question is whether SSL is necessary for LogOff.page. I use
FormsAuthentication (roll my own security).


Probably not, unless you give your users the option that their FormsAuth cookie is SSL only, in which case it'll only be set / removed while they are on the https:// server.

Kirk
Nov 18 '05 #2
CW
Thanks for the help

"Kirk Jackson" <Kirk Ja*****@discussions.microsoft.com> wrote in message
news:D1**********************************@microsof t.com...
"CW" wrote:
However, all the other links on the logon page (including those on the menu and header server controls) now have https rather than http as the URL
scheme. Is there anyway to get around it? The other pages do not require SSL at all.
The way I do it, is to use absolute links everywhere, but without the

protocol://hostname part. E.g. /home.aspx.
That means that I don't need to do any server-side processing of my navigation structure.
Once the person gets on to the SSL-version of the site, then they'll stay on SSL for any links that they follow, as all the links start with / .
Whether this is a problem probably depends on the next question.
An alternative question is: if the whole site runs on SSL (i.e., I will not stop turning SSL links into non-SSL links), is this going to cause any major issues in terms of server load?
It has never been an issue for me, but obviously it depends on your site

traffic and hardware. SSL requires more processor time for the encrypt /
decrypt. You can buy dedicated hardware to do this also.
Another related question is whether SSL is necessary for LogOff.page. I use FormsAuthentication (roll my own security).
Probably not, unless you give your users the option that their FormsAuth

cookie is SSL only, in which case it'll only be set / removed while they are
on the https:// server.
Kirk

Nov 18 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
by: lothar | last post by:
re: 4.2.1 Regular Expression Syntax http://docs.python.org/lib/re-syntax.html *?, +?, ?? Adding "?" after the qualifier makes it perform the match in non-greedy or minimal fashion; as few...
3
by: Mario | last post by:
Hello, I couldn't find a solution to the following problem (tried google and dejanews), maybe I'm using the wrong keywords? Is there a way to open a file (a linux fifo pipe actually) in...
9
by: Ravi Singh (UCSD) | last post by:
Hello all Attached is a simple HTML file that adds and delete rows. In the add row function I set an attribute "onClick" this triggers the testMessage() function. When I try this in Firefox it...
1
by: Markus Ernst | last post by:
Hi I wrote a function that "normalizes" strings for use in URLs in a UTF-8 encoded content administration application. After having removed the accents from latin characters I try to remove all...
32
by: Adrian Herscu | last post by:
Hi all, In which circumstances it is appropriate to declare methods as non-virtual? Thanx, Adrian.
14
by: Patrick Kowalzick | last post by:
Dear all, I have an existing piece of code with a struct with some PODs. struct A { int x; int y; };
13
by: Academic | last post by:
I have a MDI form, sometimes child forms and sometimes forms that are neither If I close the app the child forms closing and closed event happens followed by the Mdi form receiving the...
399
by: =?UTF-8?B?Ik1hcnRpbiB2LiBMw7Z3aXMi?= | last post by:
PEP 1 specifies that PEP authors need to collect feedback from the community. As the author of PEP 3131, I'd like to encourage comments to the PEP included below, either here (comp.lang.python), or...
6
by: Fabian Wein | last post by:
Hi, is there a way to call a const function from non const function? I have a non-const List GetList(); and want my
3
by: George2 | last post by:
Hello everyone, I am debugging MSDN code from, http://msdn2.microsoft.com/en-us/library/0eestyah(VS.80).aspx here is my output, 1>main.cpp
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.