ASP.NET and SSL basic question.

[Russ]

Hi,

Apologies if this question is a bit basic, but I can't seem to find any
documentation anywhere. I have an asp.net site running on Windows 2003
server, and I need one .aspx page to be secured using SSL. I haven't
bought a certificate yet, but I have set the SLL port to 443 on the web
site.

My question is do I have to create another site on my server, and secure it,
or can I just say create a sub directory on my current site, place my one
aspx page in the and secure the sub directory? I would like, if possible,
to maintian session info between the non secure and the secure parts of the
site, but I'm clueless as to whether this is possible.

Could someone please point me to some documentation?

Thanks,
Russ

 

[Lewis Wang [MSFT]]

Hi Russ,

It's possible to create a sub directory, place the "aspx" page in and
secure the sub directory. It is also possible to maintain the session info
between the non secure and the secure parts of the site,

You may check the following links for more information.

How To: Set Up SSL on a Web Server
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
tml/SecNetHT16.asp>

813829 INFO: Help Secure Forms Authentication by Using Secure Sockets Layer
<http://support.microsoft.com/?id=813829>

HOW TO: Enable SSL for All Customers Who Interact with Your Web Site in
Internet Information Services
<http://support.microsoft.com/?id=298805>

Hope this helps.

Best regards,
Lewis

This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
| From: "Russ" <[email protected]>
| Subject: ASP.NET and SSL basic question.
| Date: Sun, 24 Aug 2003 13:34:03 +0100
| Lines: 20
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <#[email protected]>
| Newsgroups: microsoft.public.dotnet.framework.aspnet.security
| NNTP-Posting-Host: client-513-p1-sms.glfd.adsl.virgin.net 81.107.226.0
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet.security:6407
| X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
|
| Hi,
|
| Apologies if this question is a bit basic, but I can't seem to find any
| documentation anywhere. I have an asp.net site running on Windows 2003
| server, and I need one .aspx page to be secured using SSL. I haven't
| bought a certificate yet, but I have set the SLL port to 443 on the web
| site.
|
| My question is do I have to create another site on my server, and secure
it,
| or can I just say create a sub directory on my current site, place my one
| aspx page in the and secure the sub directory? I would like, if
possible,
| to maintian session info between the non secure and the secure parts of
the
| site, but I'm clueless as to whether this is possible.
|
| Could someone please point me to some documentation?
|
| Thanks,
| Russ
|
|
|

 

[Russ]

That's great Lewis,

Thank you so much

Russ

 

[Cliff Harris]

I didn't see anything in the articles that specifically related to how to
maintain session state between requests.
If I set the requireSSL tag to 'true', does it automatically set up the SSL,
or does it just mean that the page
will throw an error if I don't use "https" myself.
If the former is the case, then does this automatically save session state,
or is there still something i have to do
to solve this?

Also, if I want to secure a page by essentially redirecting the user to the
page useing Response.Redirect("https://...."),
how would I, if it's possible, maintain state in this case? Would
Server.Transfer work for this?

THanks,
-Clint