I want to set up SSL page for only login page. How can I do it? I a referring this article:
But this link sets up SSL on whole website which is never advisable. How can I just enable it for login page or other pages where secure information is needed. I am using IIS 7.5, Asp.Net 4.0
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
One simple way is to check if the page is secure when you entering the login page, and after the login to redirect him on a non secure page.
You can check if the page is secure by using this command
HttpContext.Current.Request.IsSecureConnection
The IsSecureConnection, actually check if the url starts with https://
For exampe, if you add this on login page, on PageLoad or on init can do the work
if(!HttpContext.Current.Request.IsSecureConnection)
{
Response.Redirect(Request.Url.Replace("http://","https://"),true);
return;
}
But then you need to redirect him to the non secure page when you leave the login page.
One more complex way, but more sure, is to use a code that check not only one page, but all pages base on rules. I suggest this code that I personally use :
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
and
http://code.google.com/p/securityswitch/
Ps The SSL is run in parallel with the non ssl pages, on different port. Its up to you where to navigate your users. So there is not “only one page ssl” option.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0