I have a number of existing ASMX web services running on IIS7, and want to change them so that all requests and responses must be made over HTTPS.
The site is also running other pages like PHP and Classic ASP, so I can't just change the site root to serve HTTPS pages.
How can I set this per ASMX serivce (application), so that if somebody visits http://www.mydomain.com/MyService/ServiceName.asmx it either redirects them to https://www.mydomain.com/MyService/ServiceName.asmx or returns a 404 error ?
Thoughts and best approach ?
Have you tried with URL rewrite?
<rewrite>
<rules>
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)/ServiceName.asmx" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
A simpler solution would be just to include the following code in the constructor of each service - allowing you to decide it on each service individually.
if (!HttpContext.Current.Request.IsSecureConnection)
{
var sslUrl = HttpContext.Current.Request.RawUrl.Replace("http://", "https://");
Response.Clear();
Response.Write(string.Format("This service requires a SSL connection please go to {0}", sslUrl));
Response.End();
// Or simply redirect
// Response.Redirect(sslUrl);
}
The redirect that #oexenhave used did not work for me. Instead I used the following (with a tip of the hat to #oexenhave for doing most of the good work)
if (!HttpContext.Current.Request.IsSecureConnection)
{
var sslUrl = HttpContext.Current.Request.RawUrl.Replace("http://", "https://");
Context.RewritePath(sslUrl);
}
Add this into the asmx constructor.
I will encourage you to use WCF instead of ASMX http://msdn.microsoft.com/en-us/library/aa480190.aspx.
For your above question, does this solve your issue?
http://msdn.microsoft.com/en-us/library/aa302409.aspx
Thanks...
Related
That title isn't very descriptive, but I couldn't figure out how to phrase my question very well. What I'm trying to do is use a single page to interpret multiple URLs. Here's an example: [domain]/name-of-question.aspx is clearly not a file on the site's server, and yet the server acts like it is. This behavior makes pages much more readable and more easily bookmark-able.
My vision for the solution is to be able to have to server redirect a request to a certain directory to a particular page, whilst appending the name of the page requested to the page as a URL parameter. Here's what I mean: [domain]/questions/name-of-question redirects to [domain]/question.aspx?page=name-of-question.
This is how reddit does their self posts, I think, but they don't use ASP.Net or IIS.
Is this possible, and if so, how would one implement this behavior? If there's any code you write, please write it in C#, because I don't know VB.Net very well. Thanks!
You need to use URL rewriting to accomplish this.
You have to create a rewrite rule that rewrites any requests to [domain]/questions/{1}
to [domain]/question.aspx?{1}
In ASP.NET you have the URL Rewriter module: http://www.iis.net/downloads/microsoft/url-rewrite
The rule might look similar to this and is applied in the web.config file:
<rewrite>
<rules>
<rule name="RewriteUserFriendlyURL1" stopProcessing="true">
<match url="questions/(.*)" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
</conditions>
<action type="Rewrite" url="question.aspx?{R:1}" />
<serverVariables>
<set name="{RESPONSE_CONTENT_TYPE}" value="image/png" />
</serverVariables>
</rule>
</rules>
</rewrite>
EDIT: To change the content type, add the serverVariables section in the rewrite rule and authorise that variable to be set in IIS manager:
If you are using ASP.NET 4.0+, then this might be worth a read, as ASP.NET Routing and URL Rewriting are not necessarily competing technologies, but potentially complementary features.
URL Rewriting vs. ASP.NET Routing
I recently got a SSL certificate for my website and want to redirect all traffic to HTTPS. I got everything to go to https://mydomain.com but if someone enters http://mydomain.com/anotherpage it drops the other page and just takes the user to the home page.
My rule in my web.config file looks like this:
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I also tried https://{HTTP_HOST}{REQUEST_URI} without any success. Can anyone tell me what I need to do to make the website redirect to the proper HTTPS version of the page? I have a feeling it has something to do with the pattern, but I can't seem to figure out the syntax.
I found a way to do this, and you don't need the Rewrite module for it. The following worked for me on Windows 8 (IIS 8.5):
Remove the HTTP binding from your site (leave HTTPS in place)
Add another site
Make sure that the new site has HTTP binding
Configure HTTP Redirect as shown:
Now all HTTP request will redirect to your HTTPS site and will preserve the rest of the URL.
Change it to:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
I had the same problem where the R:1 was dropping my folders.
I fixed it like this.
<rule name="http to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
appendQueryString="false" redirectType="SeeOther" />
</rule>
I can't comment yet or I'd leave this as a comment under AndyH's answer. The solution was correct, though I hit a single further snag (likely tied to the use of Adobe's Coldfusion server). I wanted to share some further research I had to do for any other unfortunate soul who may run into it.
Once set up, the redirect would always end at this url:
https://xxx.xxx.com/jakarta/isapi_redirect.dll
The fix for this was found in an Adobe thread (https://forums.adobe.com/thread/1034854): I had to change an application pool's settings as follows:
Real site (HTTPS binding only, actually contains code and virtual directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : False
Http_Redirect site (HTTP binding only, is a blank shell of a folder with no directories)
Application pool's Advanced Settings: Enable 32-Bit Applications : True
EDIT: Another detail, tied to query string preservation:
Per suggestion in this post (http://www.developerfusion.com/code/4678/permanent-301-redirect-with-querystring-in-iis/)
Add $S$Q at the end of the domain and make sure the box for Redirect all requests to exact destination is checked. Then it will save the query string as well.
I believe AndyH's answer to be the easiest and best way. I have found using the URL rewrite can also conflict with code that may redirect the user to another page. IT commonly broke in our environment. But Andy's solution worked flawlessly. I also think Andy's solution will put less overhead on the server as it doesn't need to examine every url hitting it for possible re-write conditions.
I found a workaround:
Consider what in IIS is consired a website: simply a set of rules, the path in which get files and its bindings.
Furthermore, there's available a function called "HTTP Redirect" (included standardly in IIS), that redirect an host to another, keeping all subdirectory (it makes a relative path). The workaround is to leave just the binding for HTTPS (port 443) in your website, and create another with the binding on HTTP (port 80) and set for this an HTTP redirect to your URL with https://.
For example, consider a website called mytest and its urls http://www.mytest.com/ and https://www.mytest.com/.
Set for it instead only binding on https://www.mytest.com/, and delete the http binding. Then create a new website with the same local path, called mytest http with just a binding over port 80 (http://www.mytest.com/) and set for this one an HTTP Redirect to https://www.mytest.com/.
Simple and clean, and that should be as fast as directly the https url for the user, because it's just an internal redirect. I hope that can work for you!
You can add the URL Rewrite module to IIS (IIS 7 or higher) which allows you to add create the redirect in a visual way. The module can be downloaded here.
This step-by-step tutorial worked wonders for me and explains that when using this module, all it actually does is add some code to your web.config file as such:
<rewrite>
<rules>
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
</rules>
</rewrite>
I have found that the
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
syntax will only work for the website's ROOT web.config file.
If the rewrite rule is applied to a virtual web.config file, then use..
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{URL}" />
The {URL} syntax will include the initial forward slash, the virtual path, and any URL parameters.
I understand how routing works in asp.net web from.
I want to prevent users to access urls like 'Default.aspx'. So when a user tried access url like 'Default.aspx' it redirected to 'Default'.
For example i tried this:
routes.MapPageRoute("", "Default.aspx", "~/Default");
but it does not work! Is there another way?
Please excuse me for poor and bad English.
Webforms or MVC? It's not clear from your question and tagging....
Where have you added this code in your app? It needs to be in application_start() in global.ascx for a WebForms app.
Alternatively, You can try re-writing the url in the web.config (in system.webServer):
<rewrite>
<rules>
<rule name="MyRuleName" stopProcessing="true">
<match url="^default$" ignoreCase="true" />
<action type="Rewrite" url="/default.aspx" />
</rule>
</rules>
</rewrite>
I'm currently planning to deploy a site with a third party hosting provider. I will only have access to the server via ftp and a tool similar to cpanel called WebsitePanel.
No access to IIS set up or configs.
Is there anyway to redirect http://www.example.com to http://example.com?
Place this in your web.config using your values for domain.com. This leverages the URL rewrite rules of the web.config and IIS 7.
<system.webServer> / <rewrite> / <rules>
<rule name="Remove WWW prefix" >
<match url="(.*)" ignoreCase="true" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.domain\.com" />
</conditions>
<action type="Redirect" url="http://domain.com/{R:1}"
redirectType="Permanent" />
</rule>
Typically, the "tool similar to cpanel" should give you this option.
Failing that, you should be able to:
a) set a custom 404 page pointing, to, say, myredirector.asp [or whatever server-side script you wish to use]
b) in myredirector.asp [or whatever] , do a server-side redirect as appropriate.
Not as clean as a straight IIS redirect, but it works pretty good.
I'd suggest you do this through the domain's DNS configuration, rather than through your application. It's much simpler and doesn't rely on application code to work (so if you deploy a whole new application, you don't have to remember to add any config entries or similar).
Same thing can be done to add the prefix www also. A blog post for the same at following URL:
http://karmic-development.blogspot.in/2013/10/add-prefix-www-automatically-in-url-in.html
What's the simplest and most effective way to selectively redirect HTTP requests to your ASP.NET page to its HTTPS equivalent?
For example, if my page site URL is http://www.somesite.com, I want to redirect some (or all) page requests to https://www.somesite.com.
What's the easiest way to do that?
I use this code to do that.
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
I like to say, that the only minus is that is not use "Regular expression pattern matching", but it was very easy to add it on the code.
Depending on what version of IIS you are using and whether you have access to it and whether you want to write custom code or configure a product feature.
IIS5, IIS6:
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx
IIS7, IIS7.5:
URL Rewrite:
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
Here's an example of a rule to redirect http://.../checkout.aspx to https:
<rule name="CheckoutToSSL" stopProcessing="true">
<match url="^checkout.aspx*" ignoreCase="true" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" />
</rule>
ASP.NET Routing:
http://msdn.microsoft.com/en-us/library/cc668201.aspx
Difference between IIS7,7.5 rewrite and ASP.NET routing
http://learn.iis.net/page.aspx/496/iis-url-rewriting-and-aspnet-routing/