How do I implement HTTPS in an ASP.NET Project? - asp.net

I want to implement HTTPS in my ASP.NET application. How do I do it?

HTTPS need not be implemented within the code itself. As long as the code runs under a server that is implementing the SSL, you will have no problem.
Have a look here: Setting up SSL correctly with IIS and ASP.NET
The only thing is to make sure that any code that calls another page should also be under the SSL site, otherwise users will be given warnings. This especially is overlooked with images.

You could start looking at How To Set Up an HTTPS Service in IIS
Maybe this question is better answered in http://www.serverfault.com

Related

Is it easy to apply SSL to an already built website?

I'm building a website in ASP.NET, and I want it to have users so I'm creating a login page, database, aspx pages, etc, etc.
But I also want to implement SSL for extra security later on, but I don't know have the slightest idea if that will be a difficult or annoying, I have never implemented SSL for a website. So I'm wondering, is it "easy" or "hard" to apply SSL to my website after it's already built?
Do I have to build my website with SSL in mind from the start, or can I learn about it afterwards and then apply it?
You can configure SSL after deploying you website. No need to take extra measure at the time of building your web site and of-course it is very easy to implement. SSL configuration is used to encrypt the connections with your web-site. You can buy or use self signed certificate to encrypt the connection. Try these link for more info:
http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
http://support.godaddy.com/help/article/4801/installing-an-ssl-certificate-in-microsoft-iis-7
Yes, you can easily add it to an existing site. Just obtain the certificate, set it up in IIS and you are good to go:
How do I add HTTPS to my asp.net website for account login?
Setting up SSL with ASP.NET - Part 1 of 3

UrlRewriting for Subdomains

In IIS7 using UrlRewrite module I want to do something likes this. I tried everywhere, possibly this is wellknown problem, but couldn't find any usefull solution.
Url "http://tom.mydomain.com" should be read internally as "http://mydomain.com/dashboard?g=tom"
I am using ASP.NET MVC, just in case info is required.
Finally, we have configured our own DNS server to handle this issue. So this question is no longer in my case. However, this seems to be not a good idea to rewrite such url. The Application Request Routing feature in IIS7 is one way to go

How to efficiently create facebook-like url-rewriting in asp.net

I'm currently looking into url-rewriting and how it should be done right and hope you have some inputs here.
At the current stage of development only the kind of url-rewriting I'm interested in is adding facebook like behavior to businesses to which we provide services on our site, i.e. www.mysite.com/ShowBusinessInfo.aspx?id=1 should be rewritten to www.mysite.com/HostedBusinessName. - The idea is that when a business registers on our site they can choose whatever the last part of the url should be.
What would be the best way to support this feature? Custom IHttpModule, Global.asax (I'm afraid that this is too slow?), UrlRewriter.net/UrlRewriting.net or a completely different solution.
The site is developed in asp.net and runs on IIS 7.5.
I've actually done something like this before and this is the article I used as a resource: http://stweet.wordpress.com/2010/03/15/creating-a-new-website-programmatically-on-iis-using-asp-net/
This article will tell you how to programmically add a web site to your IIS using C#. Keep in mind that depending on how your IIS and DNS is setup, you may need to also modify your DNS server. You can find various scripts for doing this here: http://msdn.microsoft.com/en-us/library/ms682129%28VS.85%29.aspx
Hope this helps!
If you have fairly simply rewriting rules, I'd use an IHttpModule that attempts to match the URL's LocalPath property with a value in your DB, and then calls context.RewritePath(string).
If you have more complex stuff, then I'd start looking at UrlRewriting.NET or the routing options in ASP.NET.

How to restrict asmx web services to be SSL Only

I've got an ASMX web service that works great through an SSL conection, but I would like to make these web services inaccessible without SSL.
In web forms, I would just use the following code:
if (!Request.IsSecureConnection) Response.Redirect ("SomeOtherPage.aspx");
I know that WCF promises to be better in every way, but it's a real PITA to get something simple done with a tool as complicated as WCF.
I have some other stuff on my site that is open to the public, so I chose not to take the IIS route. I did find a simple way in the asmx service to take care of the problem:
if (!this.Context.Request.IsSecureConnection)
return null;
Easy. Make a website in IIS that is only SSL and put this page in it.
Don't allow non-SSL connections to this website
In IIS (I can't remember exactly which version so it may have moved) under the security tab of the website or virtual directory you can set it to 'require secure channel'. This will force it to require https unless I'm mistaken.

Is there a way to determine what the SSL port is for a site from an ASP.NET application?

I have an ASP.NET application. I want to redirect to the secure port for the site, but the site may not necessarily be using the default of 443. Is there some environment variable or API call I can make to determine the currently configured SSL port for a site?
Thanks!
I asked a similar question here. So far, I didn't find a solution. If you had admin rights, you could use any number of Microsoft.Web.Administration, WMI or whatever to do it... but inside the web app I didn't find anything
If you don't know this port number upfront and it can't stored somewhere known (such as your web.config) you'd need to be able to query the IIS metabase to get the SecureBindings attribute of the site's IIsWebServer node.
There are a few ways to accomplish this, such as using the System.DirectoryServices namespace, but all of them require Full Trust or elevated permissions.
I'm almost totally ignorant of how ASP.NET works, but in general, there's no guarantee that there will be an SSL port. There could be none, there could be 5... I think you'll have to provide this info to your app through some sort of config file. My apologies if this is not relevant for ASP.NET.
Can't you use this re-direction technique?

Resources