469,609 Members | 1,198 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,609 developers. It's quick & easy.

asp.net application - http to https

My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.

Sep 15 '06 #1
4 1927
Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.

--
HTH,

Kevin Spencer
Microsoft MVP
Chicken Salad Surgery

What You Seek Is What You Get.

<bk*****@gmail.comwrote in message
news:11**********************@e3g2000cwe.googlegro ups.com...
My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.

Sep 15 '06 #2
Thanks for you help. I am now much more conversed with https than I was
before. Do i really need to go through the bother of acquiring a
digital certificate if all we need is to allow remote users from
another private lan to access our application via https? The firewalls
on both sides make sure that only machines with specific ip addresses
can get through. The main reason for using https is the security of
data while on transit from one private network to another. Can we use a
self certification cheme? Do we need certification for every Web server
in our network? The application is an asp.net with virtually all codes
behind on the server with no explicit reference to http:// ... within
the codes?

PS Please forgive may ignorance. The main focus of my work is on
application develpment rather than implementation.
Kevin Spencer wrote:
Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.

--
HTH,

Kevin Spencer
Microsoft MVP
Chicken Salad Surgery

What You Seek Is What You Get.

<bk*****@gmail.comwrote in message
news:11**********************@e3g2000cwe.googlegro ups.com...
My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.
Sep 16 '06 #3
Hi,

I'm not sure if it will helps you. But for my intranets, I generate an
SSL certificate with my own certificate authority created on a windows
2k3 server. It's really simple to implments if your goal is to crypt
data (you only need to install certificate authority component).
Otherwise, If your goal is to authenticate your server you have to
fallow KB on implementing a PKI infrastructure.

Hope it will help you.

Vincent
http://varod.blogspot.com

bkas...@gmail.com a écrit :
Thanks for you help. I am now much more conversed with https than I was
before. Do i really need to go through the bother of acquiring a
digital certificate if all we need is to allow remote users from
another private lan to access our application via https? The firewalls
on both sides make sure that only machines with specific ip addresses
can get through. The main reason for using https is the security of
data while on transit from one private network to another. Can we use a
self certification cheme? Do we need certification for every Web server
in our network? The application is an asp.net with virtually all codes
behind on the server with no explicit reference to http:// ... within
the codes?

PS Please forgive may ignorance. The main focus of my work is on
application develpment rather than implementation.
Kevin Spencer wrote:
Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.

--
HTH,

Kevin Spencer
Microsoft MVP
Chicken Salad Surgery

What You Seek Is What You Get.

<bk*****@gmail.comwrote in message
news:11**********************@e3g2000cwe.googlegro ups.com...
My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.
>
Sep 16 '06 #4
Thanks. This was helpful.
Vincent A. wrote:
Hi,

I'm not sure if it will helps you. But for my intranets, I generate an
SSL certificate with my own certificate authority created on a windows
2k3 server. It's really simple to implments if your goal is to crypt
data (you only need to install certificate authority component).
Otherwise, If your goal is to authenticate your server you have to
fallow KB on implementing a PKI infrastructure.

Hope it will help you.

Vincent
http://varod.blogspot.com

bkas...@gmail.com a écrit :
Thanks for you help. I am now much more conversed with https than I was
before. Do i really need to go through the bother of acquiring a
digital certificate if all we need is to allow remote users from
another private lan to access our application via https? The firewalls
on both sides make sure that only machines with specific ip addresses
can get through. The main reason for using https is the security of
data while on transit from one private network to another. Can we use a
self certification cheme? Do we need certification for every Web server
in our network? The application is an asp.net with virtually all codes
behind on the server with no explicit reference to http:// ... within
the codes?

PS Please forgive may ignorance. The main focus of my work is on
application develpment rather than implementation.
Kevin Spencer wrote:
Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.
>
--
HTH,
>
Kevin Spencer
Microsoft MVP
Chicken Salad Surgery
>
What You Seek Is What You Get.
>
<bk*****@gmail.comwrote in message
news:11**********************@e3g2000cwe.googlegro ups.com...
My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application orIIS
so that internal users use http and external use https? Any help on
this will be appreciated.
Sep 16 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

12 posts views Thread by Grunff | last post: by
2 posts views Thread by MisterKen | last post: by
4 posts views Thread by Chris Ashley | last post: by
reply views Thread by Saverio Tedeschi | last post: by
1 post views Thread by bjohns33 | last post: by
4 posts views Thread by totalstranger | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.