Auto redirect http to https
in [ASP .NET]
|
From: John Kotuby on 19 Jul 2010 09:11 Hi all, I hope this is the right forum for this question as I am having difficulty with SSL and an ASP.NET 3.5 website. I could not seem to find an appropriate forum on Social MSDN either. I have deployed an ASP.NET 3.5 application to a Windows 2003 IIS6 server. There are 10 domains and 15 separate websites, most sharing the same IP address. Also the PLESK control panel is used to create the new domains/websites. The SSL cert is installed proerly and working fine. When someone types in the domain name with HTTP instead of HTTPS, I want the request to be redirected to the HTTPS site. I have tried changing code in the Global.asax such as... ======== Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs) If (HttpContext.Current.Request.IsSecureConnection.Equals(False)) Then Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") + HttpContext.Current.Request.RawUrl) End If End Sub ======= THe code appears to run in the VS debugger but doesn't help. I still get... ======= The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets Layer (SSL). Please try the following: Type https:// at the beginning of the address you are attempting to reach and press ENTER. HTTP Error 403.4 - Forbidden: SSL is required to view this resource. Internet Information Services (IIS) ========= I also tried in IIS Manger, in the properties page for the website, to redirect the URL on the Home tab to https://domain.com. But that didn't work either. It appears that the request is denied at a higher lever somehow. I am at a loss...as I see this behavior is handled properly on most Linux servers. Whay can't I get it to work on a Windows 2003 server? Thanks for any help...
From: Brian Cryer on 19 Jul 2010 12:00 "John Kotuby" <jkotuby75(a)comcast.net> wrote in message news:eggxKO0JLHA.5424(a)TK2MSFTNGP04.phx.gbl... > Hi all, > I hope this is the right forum for this question as I am having difficulty > with SSL and an ASP.NET 3.5 website. I could not seem to find an > appropriate forum on Social MSDN either. > > I have deployed an ASP.NET 3.5 application to a Windows 2003 IIS6 server. > There are 10 domains and 15 separate websites, most sharing the same IP > address. Also the PLESK control panel is used to create the new > domains/websites. > > The SSL cert is installed proerly and working fine. > > When someone types in the domain name with HTTP instead of HTTPS, I want > the request to be redirected to the HTTPS site. > > I have tried changing code in the Global.asax such as... > ======== > Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs) > If (HttpContext.Current.Request.IsSecureConnection.Equals(False)) Then > Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") + > HttpContext.Current.Request.RawUrl) > End If > End Sub > ======= > THe code appears to run in the VS debugger but doesn't help. I still > get... > ======= > The page must be viewed over a secure channel > The page you are trying to access is secured with Secure Sockets Layer > (SSL). > > > > Please try the following: > Type https:// at the beginning of the address you are attempting to reach > and press ENTER. > HTTP Error 403.4 - Forbidden: SSL is required to view this resource. > Internet Information Services (IIS) > ========= > > I also tried in IIS Manger, in the properties page for the website, to > redirect the URL on the Home tab to https://domain.com. But that didn't > work either. > > It appears that the request is denied at a higher lever somehow. > > I am at a loss...as I see this behavior is handled properly on most Linux > servers. Whay can't I get it to work on a Windows 2003 server? > > Thanks for any help... This is a guess, but I think the message "This page must be viewed over a secure channel" is coming from IIS. If so then its probably producing the message before/instead-of running your code, so my guess is that your redirection in Global.asax from non-secure to secure isn't being reached. If this is the case then try changing the security in IIS to say that it doesn't require SSL. (Clear the "Require secure channel (SSL)" check box.) By clearing that option IIS will then let your site run secure or non-secure. I suspect that your handler will then fire and redirect you from non-secure to secure. Hope this helps. Please post back how you get on. -- Brian Cryer http://www.cryer.co.uk/brian
From: John Kotuby on 19 Jul 2010 12:21 Brian Thanks!!! Your "guess" was excellent. In IIS Manager in the "Directory Security" tab I clicked "Edit" under "Secure communications". Then I unchecked the box "Require secure channel(SSL)". Now the redirection in the Global.asax seems to be working just fine. I will need to test the site more thoroughly, but it looks like everything is running fine. Thanks again and have a great day! John "Brian Cryer" <not.here(a)localhost> wrote in message news:e3Bt8t1JLHA.2276(a)TK2MSFTNGP06.phx.gbl... > "John Kotuby" <jkotuby75(a)comcast.net> wrote in message > news:eggxKO0JLHA.5424(a)TK2MSFTNGP04.phx.gbl... >> Hi all, >> I hope this is the right forum for this question as I am having >> difficulty with SSL and an ASP.NET 3.5 website. I could not seem to find >> an appropriate forum on Social MSDN either. >> >> I have deployed an ASP.NET 3.5 application to a Windows 2003 IIS6 server. >> There are 10 domains and 15 separate websites, most sharing the same IP >> address. Also the PLESK control panel is used to create the new >> domains/websites. >> >> The SSL cert is installed proerly and working fine. >> >> When someone types in the domain name with HTTP instead of HTTPS, I want >> the request to be redirected to the HTTPS site. >> >> I have tried changing code in the Global.asax such as... >> ======== >> Sub Application_BeginRequest(ByVal sender As Object, ByVal e As >> EventArgs) >> If (HttpContext.Current.Request.IsSecureConnection.Equals(False)) Then >> Response.Redirect("https://" + Request.ServerVariables("HTTP_HOST") + >> HttpContext.Current.Request.RawUrl) >> End If >> End Sub >> ======= >> THe code appears to run in the VS debugger but doesn't help. I still >> get... >> ======= >> The page must be viewed over a secure channel >> The page you are trying to access is secured with Secure Sockets Layer >> (SSL). >> >> >> >> Please try the following: >> Type https:// at the beginning of the address you are attempting to reach >> and press ENTER. >> HTTP Error 403.4 - Forbidden: SSL is required to view this resource. >> Internet Information Services (IIS) >> ========= >> >> I also tried in IIS Manger, in the properties page for the website, to >> redirect the URL on the Home tab to https://domain.com. But that didn't >> work either. >> >> It appears that the request is denied at a higher lever somehow. >> >> I am at a loss...as I see this behavior is handled properly on most Linux >> servers. Whay can't I get it to work on a Windows 2003 server? >> >> Thanks for any help... > > This is a guess, but I think the message "This page must be viewed over a > secure channel" is coming from IIS. If so then its probably producing the > message before/instead-of running your code, so my guess is that your > redirection in Global.asax from non-secure to secure isn't being reached. > > If this is the case then try changing the security in IIS to say that it > doesn't require SSL. (Clear the "Require secure channel (SSL)" check box.) > By clearing that option IIS will then let your site run secure or > non-secure. I suspect that your handler will then fire and redirect you > from non-secure to secure. > > Hope this helps. Please post back how you get on. > -- > Brian Cryer > http://www.cryer.co.uk/brian > >
|
Pages: 1 Prev: SqlConnection problem - MySQL Next: Validate in Navision. |