asp.net application - http to https

Discussion in 'ASP .Net' started by bkasmai@gmail.com, Sep 15, 2006.

  1. Guest

    My asp.net application (developed using vs2003) runs fine on a windows
    2000 server using iis 5.0. Our network manager wants to do away with
    any http connections and only use https for services that are used by
    external users. I have not got a clue how to go about this. My users
    are authenticated directly by querying a sql table where the user names
    and passwords are stored. What do I need to do to my application or IIS
    so that internal users use http and external use https? Any help on
    this will be appreciated.
     
    , Sep 15, 2006
    #1
    1. Advertising

  2. Whbat you're talking about is using SSL (Secure Sockets Layer). This
    encrypts data being sent back and forth between client and server. You need
    to obtain and install a Secure Certificate on the web server first. See
    http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
    it's simply a matter of ensuring that all links in the web site are via
    HTTPS instead of HTTP, by changing any absolute path references to use
    "https://" instead of "http://" A relative path that comes from an
    HTTPS-requested page will use the same protocol.

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    Chicken Salad Surgery

    What You Seek Is What You Get.

    <> wrote in message
    news:...
    > My asp.net application (developed using vs2003) runs fine on a windows
    > 2000 server using iis 5.0. Our network manager wants to do away with
    > any http connections and only use https for services that are used by
    > external users. I have not got a clue how to go about this. My users
    > are authenticated directly by querying a sql table where the user names
    > and passwords are stored. What do I need to do to my application or IIS
    > so that internal users use http and external use https? Any help on
    > this will be appreciated.
    >
     
    Kevin Spencer, Sep 15, 2006
    #2
    1. Advertising

  3. Guest

    Thanks for you help. I am now much more conversed with https than I was
    before. Do i really need to go through the bother of acquiring a
    digital certificate if all we need is to allow remote users from
    another private lan to access our application via https? The firewalls
    on both sides make sure that only machines with specific ip addresses
    can get through. The main reason for using https is the security of
    data while on transit from one private network to another. Can we use a
    self certification cheme? Do we need certification for every Web server
    in our network? The application is an asp.net with virtually all codes
    behind on the server with no explicit reference to http:// ... within
    the codes?

    PS Please forgive may ignorance. The main focus of my work is on
    application develpment rather than implementation.


    Kevin Spencer wrote:
    > Whbat you're talking about is using SSL (Secure Sockets Layer). This
    > encrypts data being sent back and forth between client and server. You need
    > to obtain and install a Secure Certificate on the web server first. See
    > http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
    > it's simply a matter of ensuring that all links in the web site are via
    > HTTPS instead of HTTP, by changing any absolute path references to use
    > "https://" instead of "http://" A relative path that comes from an
    > HTTPS-requested page will use the same protocol.
    >
    > --
    > HTH,
    >
    > Kevin Spencer
    > Microsoft MVP
    > Chicken Salad Surgery
    >
    > What You Seek Is What You Get.
    >
    > <> wrote in message
    > news:...
    > > My asp.net application (developed using vs2003) runs fine on a windows
    > > 2000 server using iis 5.0. Our network manager wants to do away with
    > > any http connections and only use https for services that are used by
    > > external users. I have not got a clue how to go about this. My users
    > > are authenticated directly by querying a sql table where the user names
    > > and passwords are stored. What do I need to do to my application or IIS
    > > so that internal users use http and external use https? Any help on
    > > this will be appreciated.
    > >
     
    , Sep 16, 2006
    #3
  4. Vincent A. Guest

    Hi,

    I'm not sure if it will helps you. But for my intranets, I generate an
    SSL certificate with my own certificate authority created on a windows
    2k3 server. It's really simple to implments if your goal is to crypt
    data (you only need to install certificate authority component).
    Otherwise, If your goal is to authenticate your server you have to
    fallow KB on implementing a PKI infrastructure.

    Hope it will help you.

    Vincent
    http://varod.blogspot.com

    a écrit :

    > Thanks for you help. I am now much more conversed with https than I was
    > before. Do i really need to go through the bother of acquiring a
    > digital certificate if all we need is to allow remote users from
    > another private lan to access our application via https? The firewalls
    > on both sides make sure that only machines with specific ip addresses
    > can get through. The main reason for using https is the security of
    > data while on transit from one private network to another. Can we use a
    > self certification cheme? Do we need certification for every Web server
    > in our network? The application is an asp.net with virtually all codes
    > behind on the server with no explicit reference to http:// ... within
    > the codes?
    >
    > PS Please forgive may ignorance. The main focus of my work is on
    > application develpment rather than implementation.
    >
    >
    > Kevin Spencer wrote:
    > > Whbat you're talking about is using SSL (Secure Sockets Layer). This
    > > encrypts data being sent back and forth between client and server. You need
    > > to obtain and install a Secure Certificate on the web server first. See
    > > http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
    > > it's simply a matter of ensuring that all links in the web site are via
    > > HTTPS instead of HTTP, by changing any absolute path references to use
    > > "https://" instead of "http://" A relative path that comes from an
    > > HTTPS-requested page will use the same protocol.
    > >
    > > --
    > > HTH,
    > >
    > > Kevin Spencer
    > > Microsoft MVP
    > > Chicken Salad Surgery
    > >
    > > What You Seek Is What You Get.
    > >
    > > <> wrote in message
    > > news:...
    > > > My asp.net application (developed using vs2003) runs fine on a windows
    > > > 2000 server using iis 5.0. Our network manager wants to do away with
    > > > any http connections and only use https for services that are used by
    > > > external users. I have not got a clue how to go about this. My users
    > > > are authenticated directly by querying a sql table where the user names
    > > > and passwords are stored. What do I need to do to my application or IIS
    > > > so that internal users use http and external use https? Any help on
    > > > this will be appreciated.
    > > >
     
    Vincent A., Sep 16, 2006
    #4
  5. Guest

    Thanks. This was helpful.
    Vincent A. wrote:
    > Hi,
    >
    > I'm not sure if it will helps you. But for my intranets, I generate an
    > SSL certificate with my own certificate authority created on a windows
    > 2k3 server. It's really simple to implments if your goal is to crypt
    > data (you only need to install certificate authority component).
    > Otherwise, If your goal is to authenticate your server you have to
    > fallow KB on implementing a PKI infrastructure.
    >
    > Hope it will help you.
    >
    > Vincent
    > http://varod.blogspot.com
    >
    > a écrit :
    >
    > > Thanks for you help. I am now much more conversed with https than I was
    > > before. Do i really need to go through the bother of acquiring a
    > > digital certificate if all we need is to allow remote users from
    > > another private lan to access our application via https? The firewalls
    > > on both sides make sure that only machines with specific ip addresses
    > > can get through. The main reason for using https is the security of
    > > data while on transit from one private network to another. Can we use a
    > > self certification cheme? Do we need certification for every Web server
    > > in our network? The application is an asp.net with virtually all codes
    > > behind on the server with no explicit reference to http:// ... within
    > > the codes?
    > >
    > > PS Please forgive may ignorance. The main focus of my work is on
    > > application develpment rather than implementation.
    > >
    > >
    > > Kevin Spencer wrote:
    > > > Whbat you're talking about is using SSL (Secure Sockets Layer). This
    > > > encrypts data being sent back and forth between client and server. You need
    > > > to obtain and install a Secure Certificate on the web server first. See
    > > > http://www.verisign.com/ssl/ssl-information-center/ for details. After that,
    > > > it's simply a matter of ensuring that all links in the web site are via
    > > > HTTPS instead of HTTP, by changing any absolute path references to use
    > > > "https://" instead of "http://" A relative path that comes from an
    > > > HTTPS-requested page will use the same protocol.
    > > >
    > > > --
    > > > HTH,
    > > >
    > > > Kevin Spencer
    > > > Microsoft MVP
    > > > Chicken Salad Surgery
    > > >
    > > > What You Seek Is What You Get.
    > > >
    > > > <> wrote in message
    > > > news:...
    > > > > My asp.net application (developed using vs2003) runs fine on a windows
    > > > > 2000 server using iis 5.0. Our network manager wants to do away with
    > > > > any http connections and only use https for services that are used by
    > > > > external users. I have not got a clue how to go about this. My users
    > > > > are authenticated directly by querying a sql table where the user names
    > > > > and passwords are stored. What do I need to do to my application or IIS
    > > > > so that internal users use http and external use https? Any help on
    > > > > this will be appreciated.
    > > > >
     
    , Sep 16, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Darren Clark

    asp.net and chaning betten http and https

    Darren Clark, Aug 20, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    611
    Patrice
    Aug 20, 2004
  2. SSL HTTPS in ASP.NET application

    , Sep 13, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    95
  3. Axel
    Replies:
    8
    Views:
    1,106
    Adrienne Boswell
    Apr 27, 2009
  4. jotto
    Replies:
    4
    Views:
    394
    jotto
    Oct 2, 2006
  5. Naveen Dhanuka
    Replies:
    1
    Views:
    287
Loading...

Share This Page