asp.net application - http to https

[bkasmai]

My asp.net application (developed using vs2003) runs fine on a windows
2000 server using iis 5.0. Our network manager wants to do away with
any http connections and only use https for services that are used by
external users. I have not got a clue how to go about this. My users
are authenticated directly by querying a sql table where the user names
and passwords are stored. What do I need to do to my application or IIS
so that internal users use http and external use https? Any help on
this will be appreciated.

 

[Kevin Spencer]

Whbat you're talking about is using SSL (Secure Sockets Layer). This
encrypts data being sent back and forth between client and server. You need
to obtain and install a Secure Certificate on the web server first. See
http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
it's simply a matter of ensuring that all links in the web site are via
HTTPS instead of HTTP, by changing any absolute path references to use
"https://" instead of "http://" A relative path that comes from an
HTTPS-requested page will use the same protocol.

--
HTH,

Kevin Spencer
Microsoft MVP
Chicken Salad Surgery

What You Seek Is What You Get.

 

[bkasmai]

Thanks for you help. I am now much more conversed with https than I was
before. Do i really need to go through the bother of acquiring a
digital certificate if all we need is to allow remote users from
another private lan to access our application via https? The firewalls
on both sides make sure that only machines with specific ip addresses
can get through. The main reason for using https is the security of
data while on transit from one private network to another. Can we use a
self certification cheme? Do we need certification for every Web server
in our network? The application is an asp.net with virtually all codes
behind on the server with no explicit reference to http:// ... within
the codes?

PS Please forgive may ignorance. The main focus of my work is on
application develpment rather than implementation.

 

[Vincent A.]

Hi,

I'm not sure if it will helps you. But for my intranets, I generate an
SSL certificate with my own certificate authority created on a windows
2k3 server. It's really simple to implments if your goal is to crypt
data (you only need to install certificate authority component).
Otherwise, If your goal is to authenticate your server you have to
fallow KB on implementing a PKI infrastructure.

Hope it will help you.

Vincent
http://varod.blogspot.com

(e-mail address removed) a écrit :

 

[bkasmai]

Thanks. This was helpful.

Hi,

I'm not sure if it will helps you. But for my intranets, I generate an
SSL certificate with my own certificate authority created on a windows
2k3 server. It's really simple to implments if your goal is to crypt
data (you only need to install certificate authority component).
Otherwise, If your goal is to authenticate your server you have to
fallow KB on implementing a PKI infrastructure.

Hope it will help you.

Vincent
http://varod.blogspot.com

(e-mail address removed) a écrit :