Deploying web application: How to make just one page secure (https) - asp.net

I am a new to web deployment and I am deployed a website for testing on IIS, the website is non secure (http) site but one page should be secure (https).
Can anyone suggest me how I can achieve it and it should not warn the user while switching between 'http' and 'https'.

SSL or Secure Socket Layer would be bound to a website through bindings. That is, you can tell IIS to redirect the incoming request traffics to a website, when for example the requested URL would be like http://domain.com/ or https://doamin.com, or http://200.202.150.200:8080/ or stuff like that.
Therefore, it's not a matter of IIS to set HTTPS only for one page. It's rather how to manage your URLs while redirecting user. In other words, it's a navigational matter.

I havent used IIS but I did this recently with Apache.
I did the following:
Set up a redirect for the page that you wish to secure so it redirects to HTTPS.
Set up a redirect for every other page to redirect from HTTPS to HTTP
Ensured static files such as images css and js are not affected by the above rules (These files need to work on both HTTP and HTTPS

If you need this commercially, I would recommend to use Helicon tool to redirect that particular page to HTTPS.
Using Helicon tool you can redirect the HTTP request to HTTPS for any specific page or whole site by writing the Rules.

In IIS 7 there is way to define new rules in "URL Rewrite" section for a particular web site. By this you can define a regular expiration and based on that you can redirect any pages which matches the expression to the page which you want. Lets say you are going to redirect http:\x.com\sample.aspx to https:\x.com\sample.aspx. For this do the following steps:
select your website on IIS
click URL Rewrite
Add Rule(s)
Select Blank rule
Then define your pattern in this case : lets say ^sample(any page start with sample). you can define any expression as you like.
in Action section select Redirect in Action type dropdown
in Redirect URL put https:\x.com\sample.aspx
save it and restart your website
you can then add any other rules as you want o match your request
And also in some other complex scenarios you can write your own scripts here

Related

Azure App Service won't serve via HTTP

I have an ASP.net MVC app running on Azure App Service ... I've searched for the answer, but have not found it ... my app seems to always force HTTPS redirect, no matter what. All the docs say it should serve content via HTTP by default, but it does not. Most everyone has the opposite problem of needing to redirect HTTP to HTTPS.
I need Azure App Service to do the following:
1) Serve static Default.htm page via HTTP, without redirecting to HTTPS
My app has a custom domain and no SSL for the custom domain. I want the URL http://example.com/Default.htm to serve the static page, not redirect to HTTPS to serve the static page. I will use azurewebsites domain when I want users to be in HTTPS. I want to use my custom domain name to serve a static home page for users arriving at my site.
As far as I can determine, I do not have any app extensions installed (such s https redirect extension), or anything in web.config to force https, or any RequireHTTPS attributes ... can anyone explain why plain old regular boring HTTP doesn't work here?
Thanks

IIS configurations issue

We are setting up a website with secure and non secure pages. These have been added for mapping in uriworker.properties. The domain name in the urls are different . Example nonsecure url is x-y-z.a.b.org and our secure url is x-y-secure-z.a.b.org.Both of these domains are part of our DNS entry. We do not have any redirect rules configured within the webserver. But when we try to access the secure url https://x-y-secure-z.a.b.org, webserver is sending the request as http://x-y-secure-z.a.b.org:443. Due to the scheme not being https , the application does not identify this as secure request and is returning a 302 to the https url. This redirection happens infinitely and then an error appears which says that page is not redirecting properly.
After a lot of analysis , we figured out that the application had a hardcoded check on the scheme of the domain name to be in a certain format as secure.xyz.

how to access the http and https in the same page in asp.net?

I am creating a website with password-protected pages in it.
I have two type of customer: 1. normal 2. secured
For secured customers, pages would be rendered over HTTPS whereas for normal customer, pages will be rendered over HTTP.
However, pages for both types of users would be same but the content will change.
Please note, the URL for the two users should be same except HTTP/HTTPS part.
Can anyone pls suggest how to structure the application so that the same page will act as both http and https?
Also would like to know, sometimes when we browse some HTTPS page and few of the items like image are referenced over HTTP then we get a cross in Address Bar indicating that some of the resources are not over HTTPS.
How can we overcome this problem, any suggestions?
This should be fine, when the user logs in, redirect them to an https:// page. Just use the same page addresses, only the scheme (http or https) needs to change.
To avoid problems with choosing between http or https (for example in image URLs like you mention), try to use relative URLs whenever possible, instead of absolute URLs. So if you're on https://test.com/index.html and want to display an image in an images directory, use /images/test.jpg (relative) rather than https://images/test.jpg (absolute).
If you have to use absolute, you can use a scheme-relative url - for example //images/test.jpg will use HTTP if the current page is using HTTP, and HTTPS if the page is using HTTPS.
See this question and this one for more details.

Moving a domain

Hi I am hoping for some advice.
I have just managed to get a .co domain so I wish to point all requests from my .co.nz domain to the .co
I am running IIS7.5
I have created a services site e.g. services.mydomain.co.nz and the website mydomain.co.nz both are running on their own website and app pool.
At the moment I don't want to break any of the web services so I want to keep the services site as services.mydomain.co.nz but I want to automatically redirect website users to the .co domain instead of .co.nz
So far I have added a new host header in IIS and this allows me to hit the website using the .co domain but I can still hit the site using .co.nz
Do I need to create a url rewrite function to help with this?
You can use http redirection in IIS to direct all requests at the old domain to exactly the same path at the new domain.
You want to choose options as I have in this photo:
Include the full base url to the new site, ending at the slash after the domain name. then leave the other options as I have them; this way, any request at the old domain will be sent a 301 "permanent" code to redirect to the new, equivalent page on the new site.
Note that it's important that you do not check the first of those checkboxes under 'Redirect Behavior'; that will make it send all requests to the home page of your site, rather than to the same path url.
This should be on a separate IIS site, by the way.

Can I detect if SSL/https is enabled for an ASP.NET website from within the site's code?

I'm working on a CMS that can run either with or without https enabled on the webserver. I'd like to be able to detect whether https is enabled or not, so that I can act accordingly (for example, display some https-related options to the administrator, and redirect to https for administrator logins).
I'm not looking for Request.IsSecureConnection because that only tells me if the current request is via https. I want something that will tell me whether the current bindings for the site in IIS include a binding for https at the same domain as the current request is on. So, for example, even if the current request is for http://example.com/ and thus not secure, I want to know whether https://example.com/ would work so I can (for example) redirect the user to it if they log in as administrator.
I've had no luck looking for anything in System.Web.Configuration that will tell me about the bindings of the current site, though.
My current workaround is just to require the administrator to set an appSetting in web.config if https is enabled, but I'd prefer if I could make it automatic. Having to set the same thing twice - once in IIS and once in web.config - is confusing.
The simplest way is to make an https request to the site from the site and if it succeeds then you know https is supported. Cache this in a static variable so it's only called once per app invocation.
Depending on your IIS version you can use managemed .net code to do administrative tasks in IIS7. This is an example of querying a site for its bindings to see if https is enabled
http://msdn.microsoft.com/en-us/library/microsoft.web.administration.bindingcollection(v=VS.90).aspx

Resources