ASP.NET and SSL basic question.

Discussion in 'ASP .Net Security' started by Russ, Aug 24, 2003.

  1. Russ

    Russ Guest

    Hi,

    Apologies if this question is a bit basic, but I can't seem to find any
    documentation anywhere. I have an asp.net site running on Windows 2003
    server, and I need one .aspx page to be secured using SSL. I haven't
    bought a certificate yet, but I have set the SLL port to 443 on the web
    site.

    My question is do I have to create another site on my server, and secure it,
    or can I just say create a sub directory on my current site, place my one
    aspx page in the and secure the sub directory? I would like, if possible,
    to maintian session info between the non secure and the secure parts of the
    site, but I'm clueless as to whether this is possible.

    Could someone please point me to some documentation?

    Thanks,
    Russ
    Russ, Aug 24, 2003
    #1
    1. Advertising

  2. Hi Russ,

    It's possible to create a sub directory, place the "aspx" page in and
    secure the sub directory. It is also possible to maintain the session info
    between the non secure and the secure parts of the site,

    You may check the following links for more information.

    How To: Set Up SSL on a Web Server
    <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    tml/SecNetHT16.asp>

    813829 INFO: Help Secure Forms Authentication by Using Secure Sockets Layer
    <http://support.microsoft.com/?id=813829>

    HOW TO: Enable SSL for All Customers Who Interact with Your Web Site in
    Internet Information Services
    <http://support.microsoft.com/?id=298805>

    Hope this helps.

    Best regards,
    Lewis

    This posting is provided "AS IS" with no warranties, and confers no rights.


    --------------------
    | From: "Russ" <>
    | Subject: ASP.NET and SSL basic question.
    | Date: Sun, 24 Aug 2003 13:34:03 +0100
    | Lines: 20
    | X-Priority: 3
    | X-MSMail-Priority: Normal
    | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    | Message-ID: <#>
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | NNTP-Posting-Host: client-513-p1-sms.glfd.adsl.virgin.net 81.107.226.0
    | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
    | Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:6407
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | Hi,
    |
    | Apologies if this question is a bit basic, but I can't seem to find any
    | documentation anywhere. I have an asp.net site running on Windows 2003
    | server, and I need one .aspx page to be secured using SSL. I haven't
    | bought a certificate yet, but I have set the SLL port to 443 on the web
    | site.
    |
    | My question is do I have to create another site on my server, and secure
    it,
    | or can I just say create a sub directory on my current site, place my one
    | aspx page in the and secure the sub directory? I would like, if
    possible,
    | to maintian session info between the non secure and the secure parts of
    the
    | site, but I'm clueless as to whether this is possible.
    |
    | Could someone please point me to some documentation?
    |
    | Thanks,
    | Russ
    |
    |
    |
    Lewis Wang [MSFT], Aug 25, 2003
    #2
    1. Advertising

  3. Russ

    Russ Guest

    That's great Lewis,

    Thank you so much

    Russ


    "Lewis Wang [MSFT]" <> wrote in message
    news:...
    > Hi Russ,
    >
    > It's possible to create a sub directory, place the "aspx" page in and
    > secure the sub directory. It is also possible to maintain the session info
    > between the non secure and the secure parts of the site,
    >
    > You may check the following links for more information.
    >
    > How To: Set Up SSL on a Web Server
    >

    <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    > tml/SecNetHT16.asp>
    >
    > 813829 INFO: Help Secure Forms Authentication by Using Secure Sockets

    Layer
    > <http://support.microsoft.com/?id=813829>
    >
    > HOW TO: Enable SSL for All Customers Who Interact with Your Web Site in
    > Internet Information Services
    > <http://support.microsoft.com/?id=298805>
    >
    > Hope this helps.
    >
    > Best regards,
    > Lewis
    >
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    >
    >
    > --------------------
    > | From: "Russ" <>
    > | Subject: ASP.NET and SSL basic question.
    > | Date: Sun, 24 Aug 2003 13:34:03 +0100
    > | Lines: 20
    > | X-Priority: 3
    > | X-MSMail-Priority: Normal
    > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    > | Message-ID: <#>
    > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > | NNTP-Posting-Host: client-513-p1-sms.glfd.adsl.virgin.net 81.107.226.0
    > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
    > | Xref: cpmsftngxa06.phx.gbl
    > microsoft.public.dotnet.framework.aspnet.security:6407
    > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > |
    > | Hi,
    > |
    > | Apologies if this question is a bit basic, but I can't seem to find any
    > | documentation anywhere. I have an asp.net site running on Windows

    2003
    > | server, and I need one .aspx page to be secured using SSL. I haven't
    > | bought a certificate yet, but I have set the SLL port to 443 on the web
    > | site.
    > |
    > | My question is do I have to create another site on my server, and secure
    > it,
    > | or can I just say create a sub directory on my current site, place my

    one
    > | aspx page in the and secure the sub directory? I would like, if
    > possible,
    > | to maintian session info between the non secure and the secure parts of
    > the
    > | site, but I'm clueless as to whether this is possible.
    > |
    > | Could someone please point me to some documentation?
    > |
    > | Thanks,
    > | Russ
    > |
    > |
    > |
    >
    Russ, Aug 25, 2003
    #3
  4. Russ

    Cliff Harris Guest

    I didn't see anything in the articles that specifically related to how to
    maintain session state between requests.
    If I set the requireSSL tag to 'true', does it automatically set up the SSL,
    or does it just mean that the page
    will throw an error if I don't use "https" myself.
    If the former is the case, then does this automatically save session state,
    or is there still something i have to do
    to solve this?

    Also, if I want to secure a page by essentially redirecting the user to the
    page useing Response.Redirect("https://...."),
    how would I, if it's possible, maintain state in this case? Would
    Server.Transfer work for this?

    THanks,
    -Clint


    "Lewis Wang [MSFT]" <> wrote in message
    news:...
    > Hi Russ,
    >
    > It's possible to create a sub directory, place the "aspx" page in and
    > secure the sub directory. It is also possible to maintain the session info
    > between the non secure and the secure parts of the site,
    >
    > You may check the following links for more information.
    >
    > How To: Set Up SSL on a Web Server
    >

    <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    > tml/SecNetHT16.asp>
    >
    > 813829 INFO: Help Secure Forms Authentication by Using Secure Sockets

    Layer
    > <http://support.microsoft.com/?id=813829>
    >
    > HOW TO: Enable SSL for All Customers Who Interact with Your Web Site in
    > Internet Information Services
    > <http://support.microsoft.com/?id=298805>
    >
    > Hope this helps.
    >
    > Best regards,
    > Lewis
    >
    > This posting is provided "AS IS" with no warranties, and confers no

    rights.
    >
    >
    > --------------------
    > | From: "Russ" <>
    > | Subject: ASP.NET and SSL basic question.
    > | Date: Sun, 24 Aug 2003 13:34:03 +0100
    > | Lines: 20
    > | X-Priority: 3
    > | X-MSMail-Priority: Normal
    > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
    > | Message-ID: <#>
    > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > | NNTP-Posting-Host: client-513-p1-sms.glfd.adsl.virgin.net 81.107.226.0
    > | Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
    > | Xref: cpmsftngxa06.phx.gbl
    > microsoft.public.dotnet.framework.aspnet.security:6407
    > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > |
    > | Hi,
    > |
    > | Apologies if this question is a bit basic, but I can't seem to find any
    > | documentation anywhere. I have an asp.net site running on Windows

    2003
    > | server, and I need one .aspx page to be secured using SSL. I haven't
    > | bought a certificate yet, but I have set the SLL port to 443 on the web
    > | site.
    > |
    > | My question is do I have to create another site on my server, and secure
    > it,
    > | or can I just say create a sub directory on my current site, place my

    one
    > | aspx page in the and secure the sub directory? I would like, if
    > possible,
    > | to maintian session info between the non secure and the secure parts of
    > the
    > | site, but I'm clueless as to whether this is possible.
    > |
    > | Could someone please point me to some documentation?
    > |
    > | Thanks,
    > | Russ
    > |
    > |
    > |
    >
    Cliff Harris, Sep 25, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. 620
    Replies:
    2
    Views:
    987
    Murat Tunaboylu
    Jan 6, 2004
  2. John Smith
    Replies:
    0
    Views:
    374
    John Smith
    Oct 5, 2006
  3. Svante
    Replies:
    10
    Views:
    278
    Paul Clement
    Dec 10, 2004
  4. Nathan Crosby

    ASP.net SSL w/ an SSL Accelerator

    Nathan Crosby, Jul 25, 2006, in forum: ASP .Net Security
    Replies:
    2
    Views:
    186
    Nathan Crosby
    Aug 18, 2006
  5. Pavel Smerk
    Replies:
    3
    Views:
    133
    Michal Suchanek
    Aug 15, 2006
Loading...

Share This Page