473,322 Members | 1,287 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Detecting Secure requesting when hardware based SSL offloading is

Hi.
We have an ASP.net Web application in which some of the pages are to be
served over secure channel using HTTPS.
We have built a framework that allows pages to be served over secure channel
specified in a configuration file. When a request for specified pages comes
over HTTP, framework detects and redirects the browser over HTTPS.
Similarly for non secure pages if the request comes over HTTPS the
framework redirects the browser onto HTTP.

We use HttpRequest.IsSecureConnection property to determine HTTP/HTTPS was
used to make the request. This all used to work fine until now.

Now the infrastructure group has taken out SSL responsibilities from the Web
Server and given it to an Hardware SSL offloader. What SSL offloader is doing
is it decrypts the request from client and sends an un encrypted request to
Web Server.
As a consequence HttpRequest.IsSecureConnection is always returning false
to the application?

Is anyone aware of a solution to the above problem i.e. for us to detect SSL
request in SSL Offloading scenario by other means than using
HttpRequest.IsSecureConnection (for e.g. checking headers??)

Thanks
Nov 19 '05 #1
1 2610
If I understood correctly.. nope. If they are removing the request from the
HTTPS context, and rerouting to an HTTP URL in the backend then you are
probably out of luck. The offloader will be your only point of reference. If
the call comes from there, or if they can pass an additional flag, you should
be able to get to that.

--
Curt Christianson
site: http://www.darkfalz.com
blog: http://blog.darkfalz.com

"Prabhu" wrote:
Hi.
We have an ASP.net Web application in which some of the pages are to be
served over secure channel using HTTPS.
We have built a framework that allows pages to be served over secure channel
specified in a configuration file. When a request for specified pages comes
over HTTP, framework detects and redirects the browser over HTTPS.
Similarly for non secure pages if the request comes over HTTPS the
framework redirects the browser onto HTTP.

We use HttpRequest.IsSecureConnection property to determine HTTP/HTTPS was
used to make the request. This all used to work fine until now.

Now the infrastructure group has taken out SSL responsibilities from the Web
Server and given it to an Hardware SSL offloader. What SSL offloader is doing
is it decrypts the request from client and sends an un encrypted request to
Web Server.
As a consequence HttpRequest.IsSecureConnection is always returning false
to the application?

Is anyone aware of a solution to the above problem i.e. for us to detect SSL
request in SSL Offloading scenario by other means than using
HttpRequest.IsSecureConnection (for e.g. checking headers??)

Thanks

Nov 19 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

10
by: Frances Del Rio | last post by:
pls, why is this not working? <SCRIPT language=JavaScript type="text/javascript"> var br = '<SCRIPT language=Javascript' br += 'src="js_pop.js" type="text/javascript">' br += '</SCRIPT>' var...
7
by: fox | last post by:
Maybe this is not the best group to ask this question, but I don't know a better one. I'm looking for a *portable* program in C (I mean source code) to detect whether unaligned word access is:...
1
by: Daniel Diehl | last post by:
Hi, I'm looking for a solution to detect if a USB Sticker (USB Drive) ist plugged in or plugged out. Currently Im able to detect Hardware Plugin and Plugout but don't get any information what type...
5
by: Joe | last post by:
I have an application which runs in a non-secure environment. I also have an application that runs in a secure environment (both on the same machine). Is there any way to share the session data for...
2
by: Jeremy S. | last post by:
In an ASP.NET 1.1 Web application, how can I detect - with *reasonable* accuracy - whether any particular browser is a downlevel browser? My objective is to insert a different menu (different...
31
by: Fredrik Tolf | last post by:
Hi List! I was thinking about secure Python code execution, and I'd really appreciate some comments from those who know Python better than I do. I was thinking that maybe it could be possible...
3
by: Raqueeb Hassan | last post by:
Hello, Given the idea of having voter ID card for all the citizens of Bangladesh, I was thinking of assessing few things before it actually starts. The election commission, the government agency...
1
by: Przemek M. Zawada | last post by:
Dear Group, I have got two mice connected to one PC (notebook). In example I click parallel left button on mouse A and left button on mouse B. Is it possible, programmatically detect which on...
15
by: RobG | last post by:
When using createEvent, an eventType parameter must be provided as an argument. This can be one of those specified in DOM 2 or 3 Events, or it might be a proprietary eventType. My problem is...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.