How to use HTTPS in an ASP.Net Application How to use HTTPS in an ASP.Net Application asp.net asp.net

How to use HTTPS in an ASP.Net Application


asp.net https

  1. First get or create a certificate

  2. Get the SecureWebPageModule module from http://www.codeproject.com/Articles/7206/Switching-Between-HTTP-and-HTTPS-Automatically-Ver. Instructions for setup can be found in the article.

  3. Add secureWebPages tag to web.config

    <configuration>    ...    <secureWebPages enabled="true">        ...    </secureWebPages>    ...    <system.web>        ...    </system.web></configuration>

  4. Add files and directories to be use for https protocol:

    <secureWebPages enabled="true">    <file path="Login.aspx" />    <file path="Admin/Calendar.aspx" ignore="True" />    <file path="Members/Users.aspx" />    <directory path="Admin" />    <directory path="Members/Secure" /></secureWebPages>

Hope this helps!

asp.net https

You can publish your own certificate or you can purchase one. The caveat is that purchasing one, depending on the company, means that it's already stored in the certificate store for most browsers. Your self published one will not be and your users will have to take the extra step of installing your cert.

You don't say what version of IIS you're using, but here are some detailed instructions for IIS 6

You can purchase relatively cheap certs or you can go with the big boys (verisign) and get an extended validation certificate which turns your address bar in IE, green. It's also a somewhat rigorous validation process and takes time.

If you know all of the users that will be hitting your website, there's no problem with installing your own. However, for an open website with anonymous users (that you don't know), it's probably best to purchase one that is already in most major browsers, certificate stores.

You can enable SSL via IIS and require it for only your login.aspx page and not for the rest.

asp.net https

After you get SSL setup/installed, you want to do some sort of redirect on the login page to https://. Then whatever page the user is sent to after validation, it can just be http://. 

Protected Sub Page_PreRender(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.PreRender    If Request.IsSecureConnection = False And _        Not Request.Url.Host.Contains("localhost") Then        Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://"))    End IfEnd Sub

This may be easier to implement on a master page or just all the pages you require https. By checking for "localhost" you will avoid getting an error in your testing environment (Unless your test server has another name than check for that: "mytestservername").

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last