473,403 Members | 2,323 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > ensure page is only accessed via ssl

Join Bytes to post your question to a community of 473,403 software developers and data experts.

Ensure page is only accessed via SSL

If a user where to go to http://server/page.aspx I want to force them over
to https://server/page.aspx. So those that didn't catch the subtle hint
there, I want to move them over to the SSL page.

What's the best way to handle that? I know I can have IIS block access to a
page if it's not over HTTPS, but I just want to seamlessly move them to the
HTTPS space.

I was thinking I could Response.Redirect() on the page load, but that just
doesn't seem right.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #1
3 2668
I'll answer my own question

In Page_load

Response.Buffer = true;

if(Request.ServerVariables["HTTPS"].Equals("off"))

{

String redirect = "", queryString = "";

redirect = "https://" + Request.ServerVariables["SERVER_NAME"] +

Request.ServerVariables["SCRIPT_NAME"];

queryString = Request.ServerVariables["QUERY_STRING"];

if(!queryString.Equals(""))

redirect += "?" + queryString;

Response.Redirect(redirect);

}

To reverse that (go from https to http) just switch the first if statment to
on, and assign redirect to http instead of https
--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708
"- Steve -" <se****@foundation.sdsu.edu> wrote in message
news:u5*************@tk2msftngp13.phx.gbl...
If a user where to go to http://server/page.aspx I want to force them over
to https://server/page.aspx. So those that didn't catch the subtle hint
there, I want to move them over to the SSL page.

What's the best way to handle that? I know I can have IIS block access to
a page if it's not over HTTPS, but I just want to seamlessly move them to
the HTTPS space.

I was thinking I could Response.Redirect() on the page load, but that just
doesn't seem right.

--

Steve Evans
Email Services
SDSU Foundation
(619) 594-0708

Nov 18 '05 #2
- Steve - wrote:
I'll answer my own question

In Page_load

Response.Buffer = true;

if(Request.ServerVariables["HTTPS"].Equals("off"))

{

String redirect = "", queryString = "";

redirect = "https://" + Request.ServerVariables["SERVER_NAME"] +

Request.ServerVariables["SCRIPT_NAME"];

queryString = Request.ServerVariables["QUERY_STRING"];

if(!queryString.Equals(""))

redirect += "?" + queryString;

Response.Redirect(redirect);

}


Testing ServerVariables seems a little ASPish -- better to use properties:

if (Request.IsSecureConnection()) {
// ...
queryString = Request.QueryString;
}

Also, in a more real-world scenario, load balancers or application level
firewalls should enforce such access rules (though redundant security
features won't hurt ;->).

--
Joerg Jooss
jo*********@gmx.net

Nov 18 '05 #3
On Thu, 1 Jul 2004 15:26:27 -0700, "- Steve -"
<se****@foundation.sdsu.edu> wrote:
I'll answer my own question

In Page_load

Response.Buffer = true;

if(Request.ServerVariables["HTTPS"].Equals("off"))

{

String redirect = "", queryString = "";

redirect = "https://" + Request.ServerVariables["SERVER_NAME"] +

Request.ServerVariables["SCRIPT_NAME"];

queryString = Request.ServerVariables["QUERY_STRING"];

if(!queryString.Equals(""))

redirect += "?" + queryString;

Response.Redirect(redirect);

}

To reverse that (go from https to http) just switch the first if statment to
on, and assign redirect to http instead of https


you can install the rsa ace client for IIS and it has an option for
force https. http://www.rsasecurity.com

-Adam
Nov 18 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
Checking that ASP page hasn't been accessed directly.
by: Laphan | last post by:
Hi All I've been looking at having my Javascript file as an ASP one to try and stop general prying eyes, eg: <SCRIPT LANGUAGE="javascript" SRC="js-something.asp"> </SCRIPT> and this seems...
ASP / Active Server Pages
8
I want to create something like AMAZON: those who liked page A also liked page B
by: windandwaves | last post by:
Hi Folk I want to create something like AMAZON: those who liked page A also liked page B (I am going to apply the concept to a few different selections, but to keep it simple I will talk about...
PHP
4
Dynamically adding web controls to a page
by: Bas Groeneveld | last post by:
I am developing an ASP.NET application part of which consists of a data entry wizard defined by entries in a data table - ie the controls on each page of the wizard are determined by definitions in...
ASP.NET
3
Ensure the propper calling class.
by: Ray Cassick \(Home\) | last post by:
I have several classes that has a public interface (nothing really different there :) ). 1) I would like to ensure that some classes can only be instantiated by a specific class type. 2) ...
Visual Basic .NET
8
Loading page using browser's history
by: Ed Jay | last post by:
I want to use history.go() to navigate between my previously loaded pages. I'm looking for a way to trigger a function call when a page is accessed using history.go(). Is there an event generated?...
Javascript
5
global.asax for non-page inheriting objects
by: Dylan Parry | last post by:
Hi folks, I'm not really sure of the terminology here, so I'll try my best. I have been using global.asax to set up application variables that are used within my applications, but for obvious...
C# / C Sharp
2
using javascript closures to create singletons to ensure the survival of a reference to an HTML block
by: Jake Barnes | last post by:
Using javascript closures to create singletons to ensure the survival of a reference to an HTML block when removeChild() may remove the last reference to the block and thus destory the block is...
Javascript
1
Page Access
by: Jerim79 | last post by:
I have a 3 page PHP script. I only want people to be able to access the first page of the script by URL. The other 2 pages need to return a message such as "This page can not be accessed directly."...
PHP
7
Ensure a control is in the page
by: David | last post by:
Hi using C#, .NET 1.1 I want to ensure a particular control is in a certain place in the page... For example, in the head section, I want to ensure that a literal control of a certain name...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!